
Another Zotob in the making?
By Joris Evers
Published: 24 October 2005 09:00 BST
Exploit code was published on Friday for a Windows flaw similar to the vulnerability that led to the Zotob worm that wreaked havoc in August.
The code takes advantage of a bug related to plug-and-play technology in Windows 2000 and Windows XP. Microsoft provided a patch for the flaw on 11 October in security bulletin MS05-047, along with fixes for 13 other Windows flaws. The software maker rated the issue "important".
The plug-and-play exploit code is not the first to surface for a flaw that was fixed in Microsoft's October patch cycle. Other exploits have been published on the internet or reported privately. Release of such code is typically a prelude to an attack. However, while some experts have raised the worm alarm, attacks have yet to appear.
The exploit causes a vulnerable system to crash but it's unlikely to be used for a worm, a Symantec representative said. "It does not gain local access to machines," the representative said.
A Microsoft representative said on Friday the company is aware of the latest exploit code but noted that no attacks were reported. "Microsoft is actively monitoring this situation to keep customers informed," the representative said in an emailed statement.
The vulnerability lies in the same Windows component that Microsoft provided a patch for two months ago. That flaw led to the spread of the Zotob worm, which took down systems across the US, including at television network ABC, cable news station CNN and The New York Times.
Microsoft urges users to apply the MS05-047 patch. Users who updated their system with the MS05-039 fix delivered in August are somewhat protected against this flaw as well, the company said. However, if that patch is not installed, the latest flaw could be exploited remotely by an anonymous user on Windows 2000 systems, the company said.
Joris Evers writes for CNET News.com
Virus alert: Windows 2000 worms begin to bite
New IE flaw rated as "critical"
Microsoft told to take some virus blame
Windows Firewall flaw causes port hazard
Microsoft finds another "critical" Windows flaw
Get ready for eight patches, says Microsoft
Critical Windows patch causes 'serious problems'
This project will result in a strong games designer working on site or remotely to produce superb 2D and pixel designs. If you decide you would like ...
Oracle 9i/11i, including GL, AP and AR, youll have detailed experience of installation, cloning, patch management, performance monitoring, capacity ...
Configuration Support - Investigate and resolve configuration issues raised as internal / client support items. The position is based full time at ...
CIO50 2008
The silicon.com CIO50 2008 profiles the most influential and innovative tech chiefs in the UK across all industries and organisation size, from the biggest FTSE100 companies to high growth dot-com start ups and the public sector. The list was voted on by the UK CIO community and a panel of experts. Find out more in our latest special report.
Stories from the web...
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved. Top of page
Peter Cochrane Peter Cochrane's Blog: Is convergence a fiction? Or could it finally be happening…
Clive Longbottom Quocirca's Straight Talking: A game of two halves Microsoft Virtualisation scores while its SOA bores...