General discussion

Locked

Could this flaw lead to the next big virus?

By jasonhiner Moderator ·
Among the Microsoft Security Bulletins released yesterday was one for a critical new flaw, MS05-027, "Vulnerability in Server Message Block Could Allow Remote Code Execution."
http://www.microsoft.com/technet/security/Bulletin/MS05-027.mspx

Microsoft released a slew of other Security Bulletins and patches yesterday, including two other critical flaws; however, it is this Server Message Block (SMB) flaw that has IT pros spooked. This one has the potential of being used to create a nasty virus/worm similar to MSBlaster:
(http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html)

MSBlaster hit over 120,000 computers in 24 hours (and it was not programmed very well or it could have been much worse). It did not spread via e-mail but led to DoS attacks by flooding TCP ports. A skilled programmer could write a virus or worm to do something similar using this SMB flaw. And many unpatched systems would be at their mercy since most antivirus software is aimed primarily at fighting mass-mailing worms and not combatting these types of attacks.

Microsoft has already admitted that this a possibility. "There is the potential for an attacker to somehow create an automated attack that could result in some sort of virus or worm," said Stephen Toulouse, security program manage with Microsoft's Security Response Center.
See: http://www.infoworld.com/article/05/06/14/HNmicrosoftpatchesie_1.html

SecurityFocus has written: "Remote attackers may exploit this vulnerability to execute arbitrary machine code in the context of the kernel containing the vulnerable code. Attackers can utilize broadcast UDP packets to attack many computers simultaneously, as well as to obfuscate the source of attacks. Failed exploit attempts will likely crash the affected computer, denying service to legitimate users. This vulnerability allows remote attackers to potentially crash all affected computers in a broadcast domain."
See: http://www.securityfocus.com/bid/13942/info

I'd recommend that all IT pros roll out the patch for MS05-027 as soon as possible.

This conversation is currently closed to new comments.

12 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

~evil grin~

by Jaqui In reply to Could this flaw lead to t ...

this it pro has no need to roll the patch out.
linux rocks by not having this critical vunerability issue. ( it is designed with security as being more important than dumbing down to make easy use )

~leaving obviious jab about pros and ms alone ~

Collapse -

You lucky dog

by jasonhiner Moderator In reply to ~evil grin~

Hey, I agree Linux is undoubtedly easier to lock down in its native form - mostly (in my opinion) because you don't have to give local admin privileges to any end users (which happens a lot for Windows end users).

I wish more users were smart enough to be able to use Linux, or that Linux was easier to use for the average end user.

How many Linux desktops do you support? Are they technically savvy users?

Collapse -

lucky me..

by Jaqui In reply to You lucky dog

small office, with savvy users.
( software development )


take a look at Xandros livecd version of linux.
no real savvy needed, as it's targeted specifically at windows avarage users.

you can get install version, but to evaluate, why bother when the live cd will do?

Collapse -

by msdavis In reply to You lucky dog

In my experience I've never come across a time when I haven't 'had to' give an end user administrative privledges (under WinXP). People do it often cause they're too lazy to figure out why a program will not run under normal user priviledges, then correct for those issues.

As to Linux being 'l33t h4x0r', it's not suitable for many environments where unique specificied applications will run 'only' on windows. My experience with Linux and Windows is that they are about equally is secure. The time you don't spend making Linux secure is spent making it useable, whereas the time spent making Windows Secure is not spent on making it useable.

Collapse -

working on it

by pvdcats In reply to Could this flaw lead to t ...

As soon as the spate of Microsoft's security email started hitting my mail box, I patched my 4 servers and started on the workstations.
What really gets me with this, I'm already drowning in IT work (I work for a non profit, 3 sites, 50+ users, maintaining ALL IT functions as well as supporting all the databases and other soft stuff) so what does Microsoft do? drown me in re-revisions of their security bulletins. I don't have that kind of time. It's like the security bulletins need to be "patched"... they get 0 points from me...

Collapse -

Is this really necessary

by eth0 In reply to Could this flaw lead to t ...

When you work with Windows, this is what you must learn to expect. You can't really be suprised or frustrated any more beacuse Linux is an alternative.

Linux is there, waiting for you too.

Collapse -

oh... any software system has it 's own problem

by prakashk In reply to Is this really necessary

If it is Linux or Windows.. you got to expect problems. Linux as an alternative will not solve.

Collapse -

Win2k-Server

by -TwiTch- In reply to Could this flaw lead to t ...

This is probably a "DUH!" question, but is the 2k patch capable of patching 2k pro AND 2k server?

Collapse -

Yes, Win2K patches almost always cover both

by jasonhiner Moderator In reply to Win2k-Server

Sometimes Microsoft breaks out each of the different iterations of an OS in a Security Bulletin; however, if they only put "Windows 2000" then it's usually safe to assume that all versions are covered.

Collapse -

Is it a problem? Not for me.

by msdavis In reply to Could this flaw lead to t ...

I manage a Windows 2000 native domain. I am the sole Server Administrator, I have 60 servers to maintain alone. 4000 workstations (all Windows XP SP2) and 14,000 users spanning across 21 different locations. I have one network/telephone admin and 4 field technicians and 2 help desk people to support this entire infrastucture.

My servers are completely patched already and they did so while I slept. Workstations will be completed by end of next week.

If there is a virus problem, it will be contained and minimized.

Back to Security Forum
12 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums