Windows could face massive attack

One security expert says the latest flaw detected in Microsoft Corp.’s Windows operating system makes other viruses such as Bugbear and Nimda seem “almost silly” in comparison because of the damage hackers could inflict if they gain access to a computer or network.

Gary Morse, president of Razorpoint Security Technologies Inc. in New York, said that the vulnerability is more dangerous than viruses like Nimda because it attacks the buffer overflow in the operating system and could allow for hackers to run code of their choice on a victim’s machine. Essentially, this would make the hacker the new administrator on the machine or the entire corporate network, he added.

Razorpoint is in the unusual position of actually getting paid by its clients to break into their networks to show where vulnerabilities exist. To date, Morse said not one of its customers has reported a system attack as a result of the Microsoft flaw because Razorpoint customers patched their systems “immediately.”

For its part, Microsoft released a security bulletin on July 16, which is available on its Web site, www.microsoft.com/security/security_bulletins/ms03-026.asp. Information on the site confirmed that a hacker “could gain control” over the operating system.

Even with a patch available, Morse noted that customers still need to get over one important simple hurdle.

“Customers who are not asleep actually go and download and install the patch and re-test their systems…this seems to be the hurdle. Just because a patch is out doesn’t mean a company will go and install it on every machine,” he said.

To boot, the vulnerability has lead the U.S. Homeland Security Department and analyst firm Gartner Inc. to issue warnings to customers on their Web warning of its severity.

According to Gartner, the increase in scanning against ports 135 and 445 of the Windows operating system, which is responsible for connecting to Windows-based remote procedure call (RPC) services, essentially leaves Microsoft’s Active Directory exposed. Gartner has instructed customers to make certain their firewalls can block the vulnerable service and the affected ports.

On its Web site on Wednesday, the U.S. Homeland Security Department warned that hackers had tested tools that take control of vulnerable computers over the Internet and had successfully stolen data or erased files. When asked by IT World Canada why the government would post such information, Morse said flatly that it is “trying to be proactive” because over the past decade, government machines “were some of the easiest to compromize.” He speculated that the U.S. government may be trying to develop its own Computer Emergency Response Team (CERT) group in a more concentrated effort to secure its IT infrastructure.

Gartner in Cambridge, Mass., is at www.gartner.com and in Washington, D.C. the U.S. Homeland Security Department is online at www.whitehouse.gov/homeland.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now