One security expert says the latest flaw detected in Microsoft Corp.’s Windows operating system makes other viruses such as Bugbear and Nimda seem “almost silly” in comparison because of the damage hackers could inflict if they gain access to a computer or network.
Gary Morse, president of Razorpoint Security Technologies Inc. in New York, said that the vulnerability is more dangerous than viruses like Nimda because it attacks the buffer overflow in the operating system and could allow for hackers to run code of their choice on a victim’s machine. Essentially, this would make the hacker the new administrator on the machine or the entire corporate network, he added.
Razorpoint is in the unusual position of actually getting paid by its clients to break into their networks to show where vulnerabilities exist. To date, Morse said not one of its customers has reported a system attack as a result of the Microsoft flaw because Razorpoint customers patched their systems “immediately.”
For its part, Microsoft released a security bulletin on July 16, which is available on its Web site, www.microsoft.com/security/security_bulletins/ms03-026.asp. Information on the site confirmed that a hacker “could gain control” over the operating system.
Even with a patch available, Morse noted that customers still need to get over one important simple hurdle.
“Customers who are not asleep actually go and download and install the patch and re-test their systems…this seems to be the hurdle. Just because a patch is out doesn’t mean a company will go and install it on every machine,” he said.
To boot, the vulnerability has lead the U.S. Homeland Security Department and analyst firm Gartner Inc. to issue warnings to customers on their Web warning of its severity.
According to Gartner, the increase in scanning against ports 135 and 445 of the Windows operating system, which is responsible for connecting to Windows-based remote procedure call (RPC) services, essentially leaves Microsoft’s Active Directory exposed. Gartner has instructed customers to make certain their firewalls can block the vulnerable service and the affected ports.
On its Web site on Wednesday, the U.S. Homeland Security Department warned that hackers had tested tools that take control of vulnerable computers over the Internet and had successfully stolen data or erased files. When asked by IT World Canada why the government would post such information, Morse said flatly that it is “trying to be proactive” because over the past decade, government machines “were some of the easiest to compromize.” He speculated that the U.S. government may be trying to develop its own Computer Emergency Response Team (CERT) group in a more concentrated effort to secure its IT infrastructure.
Gartner in Cambridge, Mass., is at www.gartner.com and in Washington, D.C. the U.S. Homeland Security Department is online at www.whitehouse.gov/homeland.