<font size="3">New Worm Headed Our Way? </font>
Administrators and security specialists hoping for a breather now that Blaster has faded and SoBig.F has expired may be in for a long weekend.
The nature of the new vulnerabilities revealed yesterday in the RPC DCOM implementation in Windows is so similar to the one that Blaster exploits that security experts believe it's only a matter of days, if not hours, before someone releases a worm to attack the new weaknesses. Even though it infected close to a million machines, experts say the Blaster worm was poorly coded and as a result did not do nearly the damage that a more efficient worm could have done. Blaster easily could be modified to work much better, and because the source code for the worm is readily available online, it's likely that someone is already at work on that task.
"It all adds up to a situation where we'll probably see a worm in the next 24 hours or so," said Jerry Brady, chief technology officer at managed security provider Guardent Inc., based in Waltham, Mass. "This could be worse. It wouldn't take very muchjust some very minor changes to the way the RPC connections work or the duration of the connections."
Like the vulnerability that Blaster exploits, two of the three new flaws reported in the RPC DCOM implementation in Windows are buffer overruns that could enable an attacker to run arbitrary code on a vulnerable machine. The flaws affect Windows NT 4.0, 2000, XP and Windows Server 2003.
Full Story: www.eweek.com
Related News: Three New Critical RPC Flaws Found
Related News: Blaster II? Microsoft warns of new security holes
Related News: Microsoft to Issue Security-Fix Rollup