The Month: Threat of the month - Flaw in Windows Server service

By

What is it?

A vulnerability in the Windows Server service on Windows 2000, XP and 2003 allows remote attackers to take control of the system. It has already been exploited by malware authors, prompting the US Department of Homeland Security to issue a warning on its website.


How does it work?

A buffer overrun can be used to execute malicious code on a target machine. Botnet authors have been using it to install trojan backdoors on systems to expand their networks, but it could easily be used for a network worm.

Should I be worried?

This is a dangerous vulnerability that was already known before Microsoft issued the bulletin (MS06-040) and patch in August. Although no exploit code was publicly available before the patch, malware followed almost immediately. All versions of Windows are vulnerable and can be exploited over the commonly used ports 139 and 445 (used for SMB).

What can I do about it?

Microsoft has issued a patch you should install as soon as possible after expedited testing. On critical machines, or those that cannot be patched, blocking ports 139 and 445 will prevent remote exploit.Use a scanning tool like Microsoft's MBSA to identify vulnerable systems on your network.

www.microsoft.com/technet/security/bulletin/ms06-040.mspx.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?