New Worm Headed Our Way?
Security experts believe it's only a matter of days, if not hours, before someone releases a worm to attack the newly found flaws in Windows.Administrators and security specialists hoping for a breather now that Blaster has faded and SoBig.F has expired may be in for a long weekend. The nature of the new vulnerabilities revealed yesterday in the RPC DCOM implementation in Windows is so similar to the one that Blaster exploits that security experts believe its only a matter of days, if not hours, before someone releases a worm to attack the new weaknesses. Even though it infected close to a million machines, experts say the Blaster worm was poorly coded and as a result did not do nearly the damage that a more efficient worm could have done. Blaster easily could be modified to work much better, and because the source code for the worm is readily available online, its likely that someone is already at work on that task. "It all adds up to a situation where well probably see a worm in the next 24 hours or so," said Jerry Brady, chief technology officer at managed security provider Guardent Inc., based in Waltham, Mass. "This could be worse. It wouldnt take very muchjust some very minor changes to the way the RPC connections work or the duration of the connections."
Like the vulnerability that Blaster exploits, two of the three new flaws reported in the RPC DCOM implementation in Windows are buffer overruns that could enable an attacker to run arbitrary code on a vulnerable machine. The flaws affect Windows NT 4.0, 2000, XP and Windows Server 2003.