New Worm Headed Our Way?

Discussion in 'News' started by SimonV, Sep 12, 2003.

  1. SimonV
    Honorary Member

    SimonV Petabyte Poster Gold Member

    [​IMG]<font size="3">New Worm Headed Our Way? </font>

    Administrators and security specialists hoping for a breather now that Blaster has faded and SoBig.F has expired may be in for a long weekend.

    The nature of the new vulnerabilities revealed yesterday in the RPC DCOM implementation in Windows is so similar to the one that Blaster exploits that security experts believe it's only a matter of days, if not hours, before someone releases a worm to attack the new weaknesses. Even though it infected close to a million machines, experts say the Blaster worm was poorly coded and as a result did not do nearly the damage that a more efficient worm could have done. Blaster easily could be modified to work much better, and because the source code for the worm is readily available online, it's likely that someone is already at work on that task.

    "It all adds up to a situation where we'll probably see a worm in the next 24 hours or so," said Jerry Brady, chief technology officer at managed security provider Guardent Inc., based in Waltham, Mass. "This could be worse. It wouldn't take very much¬ójust some very minor changes to the way the RPC connections work or the duration of the connections."

    Like the vulnerability that Blaster exploits, two of the three new flaws reported in the RPC DCOM implementation in Windows are buffer overruns that could enable an attacker to run arbitrary code on a vulnerable machine. The flaws affect Windows NT 4.0, 2000, XP and Windows Server 2003.

    Full Story:

    Related News: Three New Critical RPC Flaws Found
    Related News: Blaster II? Microsoft warns of new security holes
    Related News: Microsoft to Issue Security-Fix Rollup
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...


    Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.