On MovieTome: The 10 worst movies of 2009 so far!
BNET Business Network:
BNET
TechRepublic
ZDNet
88 TalkBacks

By Munir Kotadia
Posted on ZDNet News: Feb 17, 2004 4:26:00 PM

A piece of code that exploits a critical vulnerability that Microsoft issued a patch for only last week has been posted online, raising fears of an imminent MSBlast-style attack.

On Feb. 10, Microsoft released a patch that fixes a networking flaw that affects all Windows XP, NT, 2000 and Server 2003 systems. The company warned people to patch their systems, because the vulnerability could be exploited by virus and worm writers.

Four days after the patch was released, a piece of code was published on a French Web site that would let anyone exploit the vulnerability, meaning that unpatched customers could be hit with a worm similar to last summer's MSBlast, also known as Blaster.

Richard Starnes, director of incident response at telecommunications giant Cable & Wireless, told ZDNet UK that the code appears to work.

"We ran (the compiled code) against an unpatched XP and Windows 2000 SP3 system, and it took both systems down. It does a buffer overflow and immediately sends the PC into a reboot phase that you can't get out of," he said.

According to Starnes, the published attack could easily be turned into another MSBlast or Code Red type of "blended attack," in which the worm has two distinct modules: one for spreading and the other containing a payload.

"We have started seeing two-phase or two-tier worms--worms that have two attack vectors--one is a propagation vector and one is for launching an attack. The vast majority of worms we have seen only have a propagation payload. But with this one, you can have a propagation payload, and you can have a proper payload--being a DDoS (distributed denial-of-service) platform."

Jay Heiser, chief analyst at IT risk management company TruSecure, told ZDNet that the code on its own is simply a DDoS attack and can cause limited damage, but because it exploits a buffer overflow, it could be used to cause havoc. "A denial-of-service attack is the equivalent to letting the air out of a tire in a car. It is annoying to the driver and might be fun once or twice for the attacker, but it is not the same thing as allowing you to go for a joyride. The fact that the DoS attack works against the buffer overflow suggests a greater likelihood that a more sophisticated attack is possible," Heiser said.

Munir Kotadia of ZDNet UK reported from London.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 88 Talkback(s)
hey, it's unsafe to kiss too, but are ya gonna stop
so whats the odds your gonna get this anyways, almost zero (Read the rest)
Posted by: V Sanders Posted on: 02/20/04 You are currently: a Guest | | Terms of Use
using m$ wares raises fears  stephen732@... | 02/17/04
Why dont they just get it over with??  nite_w0lf | 02/17/04
You've got it  jfrankcarr | 02/17/04
Lessons from Biology  tic swayback | 02/17/04
damn!  stephen732@... | 02/17/04
Finish it  OhMyGosh | 02/17/04
finish it quickly  stephen732@... | 02/17/04
Security by Obscurity DOES NOT WORK  DonnieBoy | 02/17/04
re : Security by Obscurity DOES NOT WORK  JWatson77 | 02/17/04
Waiting for the perfect worm.  ITGuy04 | 02/17/04
Blasted patches  crocd | 02/17/04
hint...  ITGuy04 | 02/17/04
Linux In A Bottle  nikoli | 02/17/04
headaches  michael-t | 02/17/04
I know enough to know  nikoli | 02/17/04
you know nothing  stephen732@... | 02/17/04
You're Right, I Don't Know What's Good For Me  nikoli | 02/18/04
Fix for nix  Doug@... | 02/17/04
Another Windows user shows his ignorance...  Jomo_z | 02/17/04
Probably would.  ITGuy04 | 02/17/04
blah blah blah  DarbyOhara | 02/18/04
Screw them all!  FreeBSD | 02/17/04
pfffffssssst!  DarbyOhara | 02/18/04
This is impossible.  michael-t | 02/17/04
my experience...  ryusen | 02/17/04
You'd best read this.  Yen_z | 02/17/04
Turn Off Auto Update  nikoli | 02/17/04
Sorry, but that's not a fix.  Yen_z | 02/17/04
Sorry, It Actually Is  nikoli | 02/17/04
Nope, still not a dependable fix.  Yen_z | 02/18/04
Dude, Go Back To School  nikoli | 02/18/04
patch  d_jedi | 02/17/04
I tried Linux but  xbee | 02/17/04
What An Idiot  nikoli | 02/17/04
Well Linux does require intelligence  Suicida| | 02/18/04
dude  ryusen | 02/18/04
I don't see what all the fuss is about.  Yen_z | 02/17/04
no problem  crocd | 02/17/04
Actually...  Yen_z | 02/17/04
What the fuss is all about....  John Le'Brecage | 02/17/04
Apologies! post was off topic.  John Le'Brecage | 02/17/04
Oh, but good point!  Yen_z | 02/17/04
Re: Off Topic  Rabid Conservative | 02/18/04
Its is a problem.  +-Chris-+ | 02/17/04
Good God, y'all  emartin_z | 02/17/04
I got it too  OhMyGosh | 02/17/04
Official flame guide adhered to by many ZDNet posters  pschroeder@... | 02/17/04
Hint - I would love to  crocd | 02/17/04
HInt  ITGuy04 | 02/17/04
Can I work with you?  vferrara | 02/17/04
Actually...  ITGuy04 | 02/17/04
Incorrect math  vferrara | 02/17/04
RE: can i work with you  dtomba | 02/17/04
I don't know  vferrara | 02/17/04
Alternately  Chad_z | 02/17/04
hey, wow!  pschroeder@... | 02/17/04
you shill! you corperate slave! you capitalist pig!  ryusen | 02/18/04
Simple Solution  Dave P. | 02/17/04
Payload Nightmare  Chad_z | 02/17/04
Linux In A Bottle  nikoli | 02/17/04
Oops  nikoli | 02/17/04
No wonder!  Dave P. | 02/17/04
Dave P... Real Man Of Genius  nikoli | 02/17/04
Do the math  Dave P. | 02/17/04
Have Done The Math  nikoli | 02/17/04
Source Code  Remy_z | 02/17/04
The difference  Michael Kelly | 02/17/04
No need to wonder, it's already there...  Jomo_z | 02/17/04
Apply your logic  Jose Jimenez | 02/17/04
Critical WinFlaw? Is it Tuesday already?  issthatso | 02/17/04
My Win system: If it's Tuesday, it must be belchin'  emartin_z | 02/17/04
One freaking Windows partition  Chad_z | 02/17/04
MS Exploits  bigbearpcs2 | 02/17/04
48 hour patches ???  nikoli | 02/17/04
TIME TO REBOOT SERVERS  JWatson77 | 02/17/04
proxy it.  Suicida| | 02/18/04
Well, when Windows is gone  FilledOut | 02/17/04
Windows is more secure than Linux  Xunil_Sierutuf. | 02/17/04
RE: Windows is more secure than Linux  Iain_Peters | 02/18/04
There are still vacancies going in hairdressing, you know?  DanIelWalker_z | 02/18/04
Come back after you get a real job.  Suicida| | 02/18/04
You ignorant looser  beafeater | 02/18/04
drp the crack pipe and step away from your computer  Zandletweef | 02/18/04
Well Windows is used by 96% of all PCs!  DonB_z | 02/17/04
And that will be its downfall  DarthRidiculous | 02/17/04
But only 96% of PCs  DanIelWalker_z | 02/18/04
maybe it's just me................  aquabob | 02/18/04
hey, it's unsafe to kiss too, but are ya gonna stop  V Sanders | 02/20/04

What do you think?

advertisement
advertisement

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here