The Cert Co-ordination Centre has issued an advisory
which calls attention to a recently disclosed security hole in
Microsoft's Windows 2000 and Windows XP operating
systems.
The buffer overrun vulnerability in the Workstation Service, a
Windows component, is well-suited to exploitation by an internet
worm and would allow malicious hackers to remotely attack and
compromise vulnerable systems, Cert said.
Microsoft released a "critical" security bulletin, MS03-049, and a
software patch for the Workstation Service vulnerability and
encouraged all customers to download and install the patch
immediately.
The service is turned "on" by default in Windows 2000 and Windows
XP systems, and allows computers on a network to connect to file
servers and network printers, Microsoft said.
The Cert Advisory, CA-2003-28, echoes Microsoft's recommendation
that users apply the patch immediately and encourages organisations
to block ports 138, 139 and 445, which provide outsiders access to
a network using TCP (Transmission Control Protocol) and UDP (User
Datagram Protocol).
Security companies have also issued warnings to their customers
about the latest vulnerability.
Internet Security Systems released a security brief calling the
Workstation Service vulnerable "relatively easy to exploit", and
warned that "exploits written to take advantage of standard [buffer
overruns] are generally very robust, and good candidates for use in
the creation of internet worms".
The Cert Advisory about the Workstation Service is similar to an
advisory the organisation issued in October after Microsoft
revealed that there was a security hole in the widely deployed
Windows Messenger Service, which allowed users on a network to
display text messages on pop-up windows on a Windows user's
desktop.
Like Workstation Service, Windows Messenger Service is enabled by
default on many versions of Windows and contains a buffer overrun
vulnerability that makes it an attractive target for malicious
hackers and virus writers.
After releasing a patch for the Windows Messenger Service
vulnerability, Microsoft said it would disable the feature by
default in Service Pack 2 for Windows XP in an effort to protect
computers from attacks.
Turning off Workstation Service will not be easy. The service must
be enabled for computers on a network to connect to shared file
servers or printers. Disabling disrupts a user's ability to log on
to and browse computer networks, Microsoft said.
Microsoft and Cert said that disabling Workstation Service is only
feasible as an alternative to applying the software patch for
stand-alone computers that are not on a network, such as those used
by home users.
Paul Roberts writes for IDG News Service