Cert warns of latest Microsoft vulnerability

The Cert Co-ordination Centre has issued an advisory which calls attention to a recently disclosed security hole in Microsoft's...

The Cert Co-ordination Centre has issued an advisory which calls attention to a recently disclosed security hole in Microsoft's Windows 2000 and Windows XP operating systems.

The buffer overrun vulnerability in the Workstation Service, a Windows component, is well-suited to exploitation by an internet worm and would allow malicious hackers to remotely attack and compromise vulnerable systems, Cert said.

Microsoft released a "critical" security bulletin, MS03-049, and a software patch for the Workstation Service vulnerability and encouraged all customers to download and install the patch immediately.

The service is turned "on" by default in Windows 2000 and Windows XP systems, and allows computers on a network to connect to file servers and network printers, Microsoft said.

The Cert Advisory, CA-2003-28, echoes Microsoft's recommendation that users apply the patch immediately and encourages organisations to block ports 138, 139 and 445, which provide outsiders access to a network using TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).

Security companies have also issued warnings to their customers about the latest vulnerability.

Internet Security Systems released a security brief calling the Workstation Service vulnerable "relatively easy to exploit", and warned that "exploits written to take advantage of standard [buffer overruns] are generally very robust, and good candidates for use in the creation of internet worms".

The Cert Advisory about the Workstation Service is similar to an advisory the organisation issued in October after Microsoft revealed that there was a security hole in the widely deployed Windows Messenger Service, which allowed users on a network to display text messages on pop-up windows on a Windows user's desktop.

Like Workstation Service, Windows Messenger Service is enabled by default on many versions of Windows and contains a buffer overrun vulnerability that makes it an attractive target for malicious hackers and virus writers.

After releasing a patch for the Windows Messenger Service vulnerability, Microsoft said it would disable the feature by default in Service Pack 2 for Windows XP in an effort to protect computers from attacks.

Turning off Workstation Service will not be easy. The service must be enabled for computers on a network to connect to shared file servers or printers. Disabling disrupts a user's ability to log on to and browse computer networks, Microsoft said.

Microsoft and Cert said that disabling Workstation Service is only feasible as an alternative to applying the software patch for stand-alone computers that are not on a network, such as those used by home users.

Paul Roberts writes for IDG News Service

Read more on IT risk management