Attack code posted for latest Microsoft bugs

Hackers have ported code that exploits a critical vulnerability in Windows' Workstation service, patched Tuesday.

Hackers have posted code that could be used to target Microsoft's Windows operating system in a worm attack.

The code, which was published early Thursday on the Milw0rm Web site, works on the Windows 2000 operating system, according to Oliver Friedrichs, director of emerging technologies with Symantec Corp.'s Security Response.

It takes advantage of a flaw in the Windows Workstation service, which Windows uses to do things like file-sharing or printing over the network.

When Microsoft patched this flaw in its monthly batch of security fixes earlier this week, security vendors had warned that this was one of the most critical of the November updates, and could possibly be exploited in a self-replicating worm.

On Thursday, they reiterated this advice, though the odds of a widespread worm may not be great.

"If you run Windows 2000 systems in your environment, this flaw is the most critical one to patch, and even more so now that there's a live working exploit on the Internet," said Marc Maiffret, chief technology officer with eEye Digital Security.

Maiffret said that while the Workstation flaw is "just as easy to exploit" as the flaws used by the Blaster and Zotob worms, the bad guys have realized that they can be more effective by using their malware in low-key, targeted attacks. "Nobody is going to dare to write a worm," he said. "Why would they, when they could target companies and make money off of them?"

"All worms do is create awareness," he added.

There is also a technical factor that may limit the spread of any worm based on this exploit code.

According to Friedrichs, the attack code must also be aware of a legitimate domain controller on the victim's network. "It limits somewhat the exposure of systems on the Internet," he said.

Symantec has not yet seen this malware being used in attacks, Friedrichs said Thursday.

Still, some security vendors think that a worm attack could be in the works. "If we are able to confirm that it does work ... then the possibility of a worm is really high," said Amol Sarwate, Vulnerability Research Lab manager with Qualys Inc. "Once people get it working, it's only a matter of time for people to encapsulate it in worm behavior."

Qualys researchers are studying the exploit code and are still not sure which versions of Windows can be compromised by the attack, he said.

Sarwate noted that there is other attack code in circulation this week. Hackers have also posted malware targeting a critical flaw in the WinZip 10 file compression software, which was alsopatched by Microsoft on Tuesday.

"It is a big deal for the people who have WinZip installed, but it's not as much of a big deal as [the Workstation exploit]," he said.

Symantec is now warning of attack code targeting a third Windows flaw. On Thursday it said that exploit code has also been published for a flaw in the Client Service for Netware, which was also patched Tuesday.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments



Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >



Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?