Hackers working to exploit Windows hole

Hackers began circulating a computer program capable of exploiting a critical vulnerability in Windows operating systems within four days of the problem being disclosed by Microsoft.

The program, which is designed to launch denial of service attacks on Windows servers, could be used by hackers to disable corporate IT systems.

Its appearance on the internet has heightened the need for organisations to patch their systems quickly, said Richard Starnes, director of incident response at Cable & Wireless Managed Security Services.

Reports from the Sans Internet Storm Centre, which analyses internet attacks, suggested that hackers were already using the code to launch denial of service attacks.

Cable & Wireless ran tests on the code, which exploits a buffer overflow vulnerability in Microsoft's ASN.1 library in Windows 2000, and potentially other Windows versions.

Starnes said he was concerned that hackers could incorporate the exploit, which attacks ports 445 and 139, into a new generation of worms capable of propagating on company networks.

"I do not think we are going to see an attack or a new worm very quickly, because it takes time to develop. But that does not mean hackers are not going to get a copy of MyDoom and put their code in it," he said.

Although many businesses block ports 445 and 139, a worm could wreak havoc if it entered a company's internal systems.

"Organisations should make sure they are implementing proper external and internal security for 445 and 139. They should get their signatures for this vulnerability updated as soon as possible," Starnes said.

Consumers with broadband could be particularly vulnerable to a new worm and provide it with a launch point for attacks against businesses, Starnes said.

The Sans Internet Storm Centre has reported an upsurge in activity on port 445, suggesting that the exploit is already in use.


