Experts Warn of Windows Attacks

 
 
By eweek  |  Posted 2003-12-15
 
 
 

Security experts have found a new way to exploit a critical vulnerability in Windows that evades a workaround and enables the attacker to compromise a number of machines at one time.

The new attack could also lead to the creation of another fast-spreading Windows worm, the experts warned.

The workaround in question is for the buffer overrun flaw in Windows Workstation Service, which is enabled by default in Windows 2000 and Windows XP. An attacker who exploits the weakness could run any code of choice on the vulnerable machine.

Microsoft issued a patch for the vulnerability last month, but the security bulletin also listed several workarounds for the flaw, including disabling Workstation Service and using a firewall to block specific UDP (User Datagram Protocol) and TCP ports.

Penetration testers at Core Security Technologies discovered a new attack vector that uses a different UDP port. This attack still allows malicious packets to reach the vulnerable Workstation Service.

Rocket Fuel