Hackers Code - Security Computer Networks.
Yes, we install security filters firmware to counteract security breaches on business networks.

Microsoft Corp. posted a "critical" security patch for Windows XP, and a digital security outfit called eEye claimed credit for finding the "major vulnerabilities" in the new OS. Redmond, Wash.-based Microsoft posted on its site that the impact of the vulnerability is to allow someone to "run code of attacker's choice." Microsoft stock was falling after word of the security flaw surfaced. It was down $1.93 at about 2:30 PM yesterday, to $67.56. Furthermore, Microsoft said that "customers using Windows 98, 98SE, or ME should also apply the patch if the Universal Plug and Play service is installed and running." The patch can be found here.

Aliso Viejo, Calif.-based eEye Digital Security put out a press release "announcing the discovery of major security vulnerabilities in Microsoft's UPNP (Universal Plug and Play) Service." The company said that Windows XP, by default, ships with a UPNP Service that can be used to detect and integrate with UPNP-aware devices. eEye said it has discovered three vulnerabilities within Microsoft's UPNP implementation: a remotely exploitable buffer overflow that allows an attacker to gain system level access to any default installation of Windows XP, a Denial of Service (DoS) attack, and a Distributed Denial of Service (DDoS) attack.

The most serious of the three Windows XP vulnerabilities is the remotely exploitable buffer overflow, eEye said. It is possible for an attacker to write custom exploit code that will allow them to execute commands with system level access, the highest level of access within Windows XP. The other two vulnerabilities are types of denial of service attacks. The first is a straightforward denial of service attack, which allows an attacker to remotely crash any Windows XP system. The crash will require users to power down their machines and start them up again before the system will function. The second denial of service attack is a distributed denial of service attack. This vulnerability allows attackers to remotely command many Windows XP systems at once in an effort to make them flood/attack a single host.

Privately held eEye Digital Security is a developer of high-end network security products, including Retina, its flagship network vulnerability scanner.

A group of four Polish hackers published code to an open security mailing list on Tuesday that can take advantage of a major vulnerability in the Sendmail mail server. The code, released less than a day after the Sendmail flaw's public announcement, allows an attacker to remotely exploit a Red Hat or Slackware Linux computer running a vulnerable version of the mail server, the group--known as the Last Stage of Delirium--stated in the analysis that accompanied the code. While the limited number of platforms affected by the program seems to be good news, the group warned that its quick analysis might have missed other ways of exploiting the problem.

Security experts are warning of a potentially harmful new email worm that is slowly spreading among corporate and home email users. The Mimail.c worm, a variant of an earlier pest that achieved modest distribution by posing as a message from a company's information technology staff, was first detected late last week and managed to infect a handful of PCs.

Hackers Unleashing Code for Blaster Copycat

The exploit code, which is making its rounds in the black-hat hacker underground, is the source code that a programmer would use to create an administrative account on an infected computer, giving the hacker control over that computer. The code takes advantage of the latest flaws found in Microsoft Corp.'s Windows operating system.

"The exploit code allows an attacker to create an administrative account and then he literally owns that computer," says Ken Dunham, malicious-code intelligence manager for iDefense, Inc., a security company based in Reston, Va. "Once he has access to that computer, he can do whatever he wants. It's trivial. With this exploit code it's really easy to do."

Rachel Sunbarger, a spokeswoman for the Department of Homeland Security, told Datamation that they are monitoring the situation and have been in contact with the FBI, which handles high-tech investigations. "This exploit code is definitely something that we are watching," she says.

Microsoft Corp. announced on Sep. 10 the existence of three recently found flaws in Windows RPC protocols. Two of the flaws are eerily similar to the RPC vulnerability, discovered this summer, that led to last month's release of the Blaster worm, which quickly spread across the world, clogging up corporate systems, sucking up bandwidth and ultimately trying to launch a denial-of-service attack on a Microsoft Web site. These new vulnerabilities include a Denial of Service flaw and two buffer overruns. The flaws allow a remote attacker to take control of an infected computer, downloading files, destroying information or using that computer to attack other computers.

Hackers Crack Latest Windows Flaw

Attack code is circulating, but it's not enough for a full-blown worm--yet.

Paul Roberts, IDG News Service
Monday, November 17, 2003

Computer code that exploits a critical new software vulnerability in the Windows XP and Windows 2000 operating systems is circulating on the Internet, according to security experts. Two examples of "exploit" code for a buffer overrun in the Windows Workstation Service were posted to security-related Internet discussion groups on Friday and Saturday. Both exploits have been tested and work, according to Dan Ingevaldson, director of X-Force at Internet Security Systems.

The Workstation Service vulnerability was disclosed by Microsoft in Security Bulletin MS03-049, which was released on November 11. The service is turned "on" by default in Windows 2000 and Windows XP systems and allows computers on a network to connect to file servers and network printers, Microsoft said. Both the CERT Coordination Center at Carnegie Mellon University and ISS issued advisories last week regarding the Workstation Service vulnerability, warning that it was easy to exploit and well suited to use by self-spreading Internet worms.

Flawed Code

One version of the exploit code is attributed to somebody using the online name "wirepair," and was first published in a private online forum at Russian security site forum.securitylab.ru, Ingevaldson said. A second exploit, dated November 14, appeared on the French language hacking Web site www.k-otik.net by someone using the online name "snooq."

The two pieces of code are early attempts to exploit the MS03-049 vulnerability and contain multiple bugs that make them difficult to run. Because of flaws in the way the code authors attempt to trigger the buffer overrun in the Workstation Service, attackers have only one chance to compromise vulnerable Windows systems, which crash when the exploit is not successful, Ingevaldson said. Those faults make the code ill-suited to use in an Internet worm, he said. "You need exploits that are robust and that work all the time to make an effective worm," Ingevaldson said.

More to Come?

However, virus writers and hackers worldwide will work diligently to refine the exploit code, finding ways to get the code to stop crashing systems and work on all versions of Windows XP and 2000, Ingevaldson said. Such a pattern of refinement preceded the release of the Blaster and Nachi worms in August, Ingevaldson said. In addition, the two exploits that were publicly released might not be the only exploits for MS03-049 that have been created, he said. "[Exploits are] like cockroaches. If you see one or two, there are probably others as well," Ingevaldson said.