Hackers working to exploit Windows hole
Hackers began circulating a computer program capable of exploiting a critical vulnerability in Windows operating systems within...



The program, which is designed to launch denial of service attacks on Windows servers, could be used by hackers to disable corporate IT systems.
Its appearance on the internet has heightened the need for organisations to patch their systems quickly, said Richard Starnes, director of incident response at Cable & Wireless Managed Security Services.
Reports from the Sans Internet Storm Centre, which analyses internet attacks, suggested that hackers were already using the code to launch denial of service attacks.
Cable & Wireless ran tests on the code, which exploits a buffer overflow vulnerability in Microsoft's ASN.1 library in Windows 2000, and potentially other Windows versions.
Starnes said he was concerned that hackers could incorporate the exploit, which attacks ports 445 and 139, into a new generation of worms capable of propagating on company networks.
"I do not think we are going to see an attack or a new worm very quickly, because it takes time to develop. But that does not mean hackers are not going to get a copy of MyDoom and put their code in it," he said.
Although many businesses block ports 445 and 139, a worm could wreak havoc if it entered a company's internal systems.
"Organisations should make sure they are implementing proper external and internal security for 445 and 139. They should get their signatures for this vulnerability updated as soon as possible," Starnes said.
Consumers with broadband could be particularly vulnerable to a new worm and provide it with a launch point for attacks against businesses, Starnes said.
The Sans Internet Storm Centre has reported an upsurge in activity on port 445, suggesting that the exploit is already in use.