Exploits in the wild for Microsoft Workstation Service flaw

By

Two in-the-wild exploits for the Microsoft Workstation Service vulnerability appeared today, two days after the dangerous flaw was patched as part of the software giant's monthly fix cycle, researchers said.

Exploits in the wild for Microsoft Workstation Service flaw
IT security experts had predicted the memory corruption bug, which allows for attackers to assume control of an affected system and execute remote code just by gaining authentication, would soon be actively exploited after the fix. The flaw was not widely known until it was patched.

Many security firms agreed the bug was the most critical of the nine vulnerabilities patched because it affects Windows 2000 and XP platforms, leverages ports that are critical to organisations and could be used in a worm attack.

"It's not a client-side vulnerability," Jonathan Bitle, manager of technical accounts for Qualys' vulnerability research team, told SCMagazine.com today. "It's a true remotely exploitable vulnerability."

A Microsoft spokesperson told SCMagazine.com that company researchers are aware of publicly published exploit code and they are attempting to confirm its validity before issuing an advisory.

The spokesperson added that the vulnerability is rated "critical" only on Windows 2000 and carries a "low" severity on Windows XP Service Pack 2 editions.

Enterprises are urged to patch their systems as soon as possible because an available work-around, blocking access to well-known ports 139 and 445, would block business functions such as data sharing, Bitle said.

One goal of attackers might be to add infected systems to their armies of botnets, he said.

Click here to email Dan Kaplan.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?