Compromise Likely of Serious Windows SSL Vulnerability | eWeek

Compromise Likely of Serious Windows SSL Vulnerability

Written By
Dennis Fisher
Dennis Fisher
Apr 23, 2004
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Security experts are monitoring what appears to be a coordinated effort to exploit a known vulnerability in the Secure Sockets Layer (SSL) implementation in Windows, and say that there may be a worm doing some of the work.

The vulnerability in the SSL library in Windows has been known for some time, and there is a patch available. However, experts say that on Wednesday someone released working exploit code for the flaw and there has been a marked increase in the amount of attacks against this vulnerability since then, according to experts at VeriSign Inc., based in Mountain View, Calif.

Typical attacks involve sending specially formed SSL traffic to vulnerable servers. This opens a Windows shell on the remote machine and allows attackers to run arbitrary code with system-level privileges.

The destination port for these attacks is 31337, according to an analysis of the attacks by Internet Security Systems Inc., based in Atlanta.

Among the products vulnerable to the SSL problem are Windows NT 4.0, 2000 and XP. The problem lies in Microsoft Corp.s Protected Communications Technology Version 1.0, which is somewhat akin to SSL.

“The vulnerability exists in a specific SSL processing routine. This vulnerability may result in a traditional stack overflow, and it can be exploited reliably over the Internet,” ISS said in its advisory on the attacks.

“The error causing a buffer overflow exists in a Windows system library, rather than in any single service, such as IIS or Exchange. Therefore, any service or application running on a vulnerable operating system that uses native Windows SSL functionality is vulnerable. This includes Microsoft services such as IIS, Active Directory and Exchange,” the ISS notice advised.

/zimages/5/28571.gifFor insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

ISS said that its researchers also have seen evidence of a worm exploiting this vulnerability in the last day or so.

The advisory further warned IT managers that the severity of this vulnerability is “compounded by the fact that SSL is most often used to secure communications involving confidential or valuable financial information, and that Firewalls and packet filtering alone will not be able to stop attacks. X-Force believes that hackers will aggressively target this vulnerability given the high-value nature of Web sites protected by SSL.”

/zimages/5/28571.gifCheck outeWEEK.coms Security Centerat http://security.eweek.com for security news, views and analysis. Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page:/zimages/5/19420.gifhttp://us.i1.yimg.com/us.yimg.com/i/us/my/addtomyyahoo2.gif

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.