Exploit Code Arises for Latest Windows Flaws
Malicious code adds more fuel to the fears that another Windows worm is on the horizon.Adding more fuel to the fears that another Windows worm is on the horizon, security experts said Tuesday afternoon that they have seen working exploit code in the wild for the latest pair of vulnerabilities in the Windows RPC DCOM interface. The discovery of the code, which can be used to attack the two buffer overrun flaws in the interface, comes just two days after someone posted to a security mailing list exploit code for a denial-of-service weakness in the same interface. The RPC DCOM problems are particularly troubling and potentially dangerous because they affect nearly every current version of Windows, including the new Windows Server 2003. A previously discovered buffer overrun in the interface was exploited by the Blaster worm that tore through the Internet in August.
The newly released exploit code gives attackers the ability to get privileged access to vulnerable machines and also allows for the creation of a new account with a preset password. The exploit tool also gives attackers the option of targeting specifically configured machines, i.e., Windows 2000 Service Pack 3 or machines that have the patch for the original RPC DCOM flaw installed but not the fix for the more recent vulnerabilities, according to an analysis by iDefense Inc., based in Reston, Va.