Experts warn about Blaster-2
September 12, 2003
Microsoft acknowledged three security flaws in Windows on Wednesday that could have consequences similar to those of the infamous MSBlast (Blaster/Lovesan) worm of August.
Experts have urged computer users to install personal firewall software, apply security patches from Microsoft and keep their antivirus software updated to avoid a repeat of the recent Blaster worm attack.
The vulnerabilities, which affect Windows NT 4.0, Windows 2000, Windows Server 2003, Windows XP and some versions of Windows XP, are the latest in a string of critical flaws identified in Windows recently. A patch can be downloaded from Microsoft's TechNet web site.
All of the vulnerabilities are related to the Distributed Component Object Model (DCOM) interface in Windows's Remote Procedure Call Service (RPCS). RPC is a standard communication mechanism that enables applications running on separate machines to access each other's services. DCOM, Microsoft's proprietary technology, defines the RPC that allows programs to transfer data across a network.
A hacker who exploits these vulnerabilities can take a variety of actions on the compromised PC, including installing trojans; viewing, changing or deleting data; or creating new accounts with full rights.
The latest flaws are within the same RPC/DCOM-related code that was compromised by the creator of the recent MSBlaster virus.
The patch issued by Microsoft in July to protect machines against MSBlaster shut off some, but not all, of the deficiencies in this feature.
All users of personal firewalls like Agnitum's Outpost Firewall Pro and ZoneLabs' Zone Alarm are well protected against these flaws. Personal firewalls prevent illegal access to all services (including RPC/DCOM) from the Internet by blocking the specific port used by a computer to offer those services.
The vulnerabilities were discovered internally, as well as by independent security experts, including eEye Digital Security. The new findings are the result of increased inspection of Windows code used to handle RPC since the discovery of the earlier RPC DCOM flaw by the Polish hacking group, the Last Stage of Delirium Research Group.