http://www.networkworld.com/new
s/2006/062606-microsoft-warns-of-exploit-code.html
By Robert McMillan
IDG News Service
06/26/06
Microsoft is warning users of malicious software that could
be used to
attack Windows systems that lack the company's latest
security
updates.
The exploit code targets a vulnerability in the Remote
Access
Connection Manager (RASMAN) service, used by Windows to
create network
connections over the telephone. The bug, which was patched
June 13, is
rated critical by Microsoft, the most severe rating
available.
Hackers published the code on Web sites late last week, and
it is now
included in Metasploit, a hacking toolkit that is used by
security
researchers and criminals alike.
The malicious software is not as dangerous as it could be.
Most
firewalls will block it and it also requires that the hacker
be
authenticated on the computer for it to work.
Still, Windows 2000 and Windows XP Service Pack 1 users need
to be
wary because they could be the victims of particularly nasty
attacks
that do not require authentication, Microsoft said.
"The current exploit code ... requires authentication,
but the
underlying vulnerability does not," said Stephen
Toulouse, a security
program manager with Microsoft's security response center.
For any attack to work on the latest versions of other
Windows
systems, like XP or Windows Server 2003, the attacker would
need to be
able to log on to the victim's machine, Microsoft said.
Hackers will likely use the malicious software in criminal
attacks
since it is now in Metasploit, said Ken Williams, director
of
vulnerability research with CA.
Complicating matters is the fact that some dial-up users
have been
having problems with the patch.
Computers that use Window's dial-up scripting or terminal
windows to
make connections may find that their dial-up connections no
longer
work, according to Microsoft's alert.
Users who cannot install the patch immediately should
disable the
RASMAN service, Microsoft said.
Over the past two weeks, Microsoft has also been contending
with a
number of unpatched vulnerabilities in its Office and Excel
software.
Microsoft has not yet patched the bugs, but it said Saturday
that one
of them is now expected to be patched in its next round of
security
updates, due July 11.
Microsoft's advisory on the malicious code can be found
here.
The IDG News Service is a Network World affiliate.
All contents copyright 1995-2006 Network World, Inc.
_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com
|