NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0355 Attack Code Released for Critical Windows Flaw:
In what may be the first step toward a major security problem, security researchers have
released attack code that will crash Windows machines that are susceptible to a recently
patched bug in the operating system. The code is not available to the general public. It
was released Thursday, 18 January, to security professionals who use Immunity's Canvas
computer security testing software. It causes the Windows system to crash but does not
let the attacker run malicious software on the victim's system. The bug is particularly
troublesome for two reasons. First, it affects a widely used Windows component that is
turned on by default. Worse, no user interaction is required to trigger the flaw, meaning
that it could be exploited in a self-copying worm attack. Microsoft patched the flaw in
its MS08-001 update, released last week, but it
takes time for enterprise users to test and install Microsoft's patches. The flaw lies
in the way Windows processes networking traffic that uses IGMP (Internet Group Management
Protocol) and the MLD (Multicast Listener Discovery) protocol, which are used to send
data to many systems at the same time. The protocols are used by a range of applications,
including messaging, web conferencing, and software distribution products. For a worm
attack to work, the attacker would have to send specially crafted packets to a victim's
machine, which could then allow the attacker to run unauthorized code on the PC. The
worm could then spread from computer to computer within a LAN but would generally be
stopped from traveling to another network by a firewall. After patching the flaw,
Microsoft published some technical research indicating that it would be hard for an
attacker to exploit this vulnerability. But a security researcher believes that
Microsoft may have overestimated how difficult it would be to create reliable attack
code. Because it could spread so quickly through a network, a reliable exploit "is
going to be worth the effort," he said. "You can be assured lots of smart people are
working on it."
(IDG News Service 17JAN08)