Windows 2000 exploits raise worm attack fears

Fears of a network worm attack targeting unpatched Windows 2000 systems heightened on Thursday with news that private security researchers have already reverse-engineered Microsoft's critical MS05-051 update to create proof-of-concept exploits. The MS05-051 bulletin, which shipped as part of Microsoft Corp.'s October batch of patches, includes fixes for four different Windows flaws, one of which is considered a major worm hole in the enterprise-heavy Windows 2000 operating system. That bug, an unchecked buffer in the MSDTC (Microsoft Distributed Transaction Coordinator), could be exploited by a remote unauthenticated user to take complete control of an unpatched system. "That one is really easy to exploit," said Marc Maiffret, co-founder and chief hacking officer at eEye Digital Security, the private research outfit that discovered and reported the vulnerability to Microsoft. "We are definitely going to see dangerous exploits for it because it's not really technically challenging to write the exploit code," Maiffret said in an interview with Ziff Davis Internet News. "Whether we see a worm or not will depend on whether anyone wants to write a worm. If someone wants to unleash a worm, it's really not that hard with this vulnerability," he added. The message from Microsoft is for Windows 2000 users to treat MS05-051 as a high-priority update. "[We are] aware that exploit code for the vulnerabilities addressed by Microsoft security bulletin MS05-051 is available through third-party fee-based security offerings. Microsoft is not currently aware of active attacks that use this exploit code or of customer impact at this time," MSRC program manager Stephen Toulouse said Thursday. He said Microsoft would actively monitor the situation to keep customers informed and to provide customer guidance as necessary. "Currently this exploit is not publicly available, but we continue to urge customers on older versions of our operating systems to deploy MS05-051 to help protect from attempted exploitation," Toulouse said. "The MSRC is constantly monitoring the threat environment for any malicious activity. We are keeping an especially close eye on the newsgroups and vulnerability lists for exploits related to this month's activities and will mobilize immediately to help protect customers against threats as necessary." UKFast is not responsible for the content of external Internet sites.

print this article

Return to internet news headlines
View Internet News Archive

Share with: