Could this flaw lead to the next big virus? - TechRepublic
General discussion
June 15, 2005 at 08:05 AM
jasonhiner


Among the Microsoft Security Bulletins released yesterday was one for a critical new flaw, MS05-027, “Vulnerability in Server Message Block Could Allow Remote Code Execution.”
http://www.microsoft.com/technet/security/Bulletin/MS05-027.mspx

Microsoft released a slew of other Security Bulletins and patches yesterday, including two other critical flaws; however, it is this Server Message Block (SMB) flaw that has IT pros spooked. This one has the potential of being used to create a nasty virus/worm similar to MSBlaster:
(http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html)

MSBlaster hit over 120,000 computers in 24 hours (and it was not programmed very well or it could have been much worse). It did not spread via e-mail but led to DoS attacks by flooding TCP ports. A skilled programmer could write a virus or worm to do something similar using this SMB flaw. And many unpatched systems would be at their mercy since most antivirus software is aimed primarily at fighting mass-mailing worms and not combatting these types of attacks.

Microsoft has already admitted that this is a possibility. “There is the potential for an attacker to somehow create an automated attack that could result in some sort of virus or worm,” said Stephen Toulouse, security program manager with Microsoft’s Security Response Center.
See: http://www.infoworld.com/article/05/06/14/HNmicrosoftpatchesie_1.html

SecurityFocus has written: “Remote attackers may exploit this vulnerability to execute arbitrary machine code in the context of the kernel containing the vulnerable code. Attackers can utilize broadcast UDP packets to attack many computers simultaneously, as well as to obfuscate the source of attacks. Failed exploit attempts will likely crash the affected computer, denying service to legitimate users. This vulnerability allows remote attackers to potentially crash all affected computers in a broadcast domain.”
See: http://www.securityfocus.com/bid/13942/info

I’d recommend that all IT pros roll out the patch for MS05-027 as soon as possible.
