Security experts fear major attack on Windows systems


The Microsoft flaw

The flaw involves a potential buffer overflow in a Windows remote procedure call (RPC) interface, where it communicates with Microsoft’s distributed common object model (DCOM) software in the operating system.

RPC provides a communication mechanism that allows a program running on one computer to seamlessly execute code on a remote system. However, there is a vulnerability involving message exchange over TCP/IP networks, including the Internet.

Specifically, the flaw is caused by incorrect handling of malformed messages that could be exploited in a buffer overflow attack. If successful, the attacker would be able to take full control of the targeted system.

“The [flaw] is due to insufficient bounds checking of client DCOM object activation requests. Exploitation of this issue could result in execution of malicious instructions with local system privileges on an affected system,” notes security software giant Symantec in a security alert.

Microsoft’s RPC protocol is derived from the Open Software Foundation’s (OSF) RPC specification, but includes some Microsoft specific extensions.



4 August 2003 Security experts are bracing themselves for a string of large-scale attacks on Microsoft Windows-based PCs and servers after a number of tools were posted on a security mailing list.

The tools first appeared on Saturday on the Full Disclosure security mailing list.

The threat is so severe that security software giant Symantec has pinned a “high” risk label to its warning and advertised it prominently on its web site.

The security flaws affect Windows NT 4.0, Windows 2000, Windows XP and Windows Server 2003, which was only launched in April. It is unclear whether Windows 95 and 98 are affected or not as the company has discontinued support for these operating systems.

On its own, the flaw might not seem too serious. However, hackers are known to be working on an “exploit”, an automated tool that can scan the Internet for potentially vulnerable systems and run code against them that can take advantage of the flaw and deliver control of the system to a hacker.

In this way, they could potentially take charge of thousands of Internet connected systems, including, for example, servers running ecommerce applications and holding sensitive financial data such as credit card numbers, as well as PCs running Windows XP.

“Exploit development is continuing, but at this time there is no evidence that successful worms have been developed,” warned Symantec in a security alert.

Microsoft released a patch as long ago as 16 July, but fears that too many systems remain unpatched. Furthermore, when systems are taken down and the operating system reinstalled, systems administrators often forget to install the accompanying patches as well.

In this way, critical security vulnerabilities can resurface months or years after patches have been issued.

Microsoft Security Bulletin
Microsoft’s technical explanation

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics