Microsoft RPC exploit could be a packaged deal
While Microsoft has labeled Thursday's emergency patch MS08-067 as "critical" and provided a rare out-of-cycle fix because its exploit could easily be used as a worm on a compromised network, one security researcher doesn't think it will happen that way.
"It's likely we're going to see this packaged with some other attack," said Ben Greenbaum, senior research manager at Symantec. "A Web-based attack, for example. What we're looking out for are exploits of this being bundled with client-side exploits or Trojans so that the worm can get past corporate firewalls and get behind that firewall into the internal network."
Comparisons have been made to Zotob, an RPC worm that spread like wildfire in 2005. Remote Procedure Calls (RPC) allow programmers to run code either locally or remotely; a flaw within them is ideal for creating a worm.
"The potential is certainly there," Greenbaum said, adding that modern-day attackers are "looking to create as much revenue for themselves as possible, and part of that equation means avoiding detection. What we're likely to see is that this will be added to a wide variety of attack tool kits already available."
"It's possible--but it's not likely--that we'll end up seeing a purpose-built worm that only exploits this one vulnerability," he said.
Since the patch came out Thursday morning, Symantec has seen increased scanning on ports 139 and 445, ports that exploits of MS08-067 would use.
There are some mitigating factors. Most firewalls, with default settings in place, should not allow an exploit of this to penetrate that firewall, he said. However, home networks with File and Printer Sharing could fall victim to a bundled attack using this exploit.
The greatest danger is to systems running Windows XP and Windows 2000; Microsoft has ranked the patch as critical for these systems. On Windows Vista, Windows Server 2008, or Windows 7 pre-Beta, if the firewall is disabled and File and Printer Sharing is enabled, an anonymous user could use this exploit to connect but would do so only at the lowest possible integrity setting, which would prevent successful exploitation, Greenbaum said.
By: cnet
25th October 2008, 02:34 EDT | Copyright (c) 01download.net