Microsoft: DoS Bug Affects Most Windows Versions - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications
05:40 PM

Microsoft: DoS Bug Affects Most Windows Versions

The bug might be used by an attacker to take over a target PC, says Symantec, although Microsoft disagrees.

A bug in Windows that went public last week may be worse than originally thought, Microsoft confirmed Saturday in a weekend advisory. One security analyst fears that the vulnerability -- which for now looks limited to a denial-of-service attack -- may soon be found to cause more severe problems for Windows users.

According to the Security Advisory posted Saturday, the bug in Windows Remote Desktop Service affects not just Windows XP SP2, as originally thought, but all the supported editions of Windows, including Windows 2000, Windows XP SP1, Windows XP Professional x64, Windows Server 2003, Windows Server 2003 SP1, and Windows Server x64.

Since May, Microsoft has had the advisory service in place to warn users of confirmed vulnerabilities before a patch is available, and if possible, provide advice on how to contain or prevent an exploit.

Microsoft downplayed the danger posed by the flaw.

"Our initial investigation has revealed that a denial of service vulnerability exists that could allow an attacker to send a specially crafted Remote Desktop Protocol (RDP) request to an affected system," said the alert. "Our investigation has determined that this is limited to a denial of service, and therefore an attacker could not use this vulnerability to take complete control of a system."

Alfred Huger, the vice president of engineering for Symantecs security response team, isn't so sure.

"It's not yet clear if this has a buffer overflow potential," said Huger. Oftentimes, a denial-of-service (DoS) vulnerability that lets an attack crash a system can be finessed into causing a buffer overflow, the typical method that hackers use to gain complete control over a PC and load their own malicious code onto the box.

"If I had to guess," said Huger, "I'd guess that that's how it will turn out."

In the advisory, Microsoft repeated that Remote Desktop Service is disabled by default in all versions of Windows except Windows Media Center, which is based on Windows XP.

"But it's enabled on a lot of corporate computers," countered Huger, "so IT staffs can access machines remotely to fix problems. Some of the more aggressive ISPs also enable it with their help software."

While Microsoft said that the bug was significant enough to justify an update to Windows, it stopped short of promising a patch before the next scheduled round of August 9.

In the meantime, it recommended that users disable Remote Desktop and/or block port 3389 at the firewall. That port is the one used by Remote Desktop.

Not coincidentally, SANS' Internet Storm Center detected several spikes in scanning for post 3389 starting July 6, with an even larger number of systems scanned on July 13. Hackers may be looking for vulnerable machines, said the Storm Center.

Microsoft, however, continues to say that no exploit has been seen in public spaces, although the original discoverer of the vulnerability claims to have a working exploit.

"It's a kernel vulnerability," said Huger, "so it will be difficult to exploit reliably. But he [the original discoverer] found the vulnerability with a commonly-used tool, so if he can find it, so can others.

"I dont think it will turn it into a large-scale worm, but then, some kernel vulnerabilities have ended up as just that, like the Witty worm."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Flash Poll