New attack code crashes Windows XP & Vista

Security researchers have released attack code that will crash Windows XP and Vista PCs that are susceptible to a recently patched bug in the operating system. The code was released yesterday to security professionals who use Immunity's Canvas computer security testing software. It causes the Windows system to crash but does not let the attacker run malicious software on the victim's system. It is not available to the general public.

That's the biggest concern for security experts who worry that a more dangerous attack may soon follow as researchers dig further into the vulnerability. The bug is particularly troublesome for two reasons. First, it affects a widely used Windows component that is turned on by default. Worse, no user interaction is required to trigger the flaw, meaning that it could be exploited in a self-copying worm attack. Microsoft patched the flaw in its MS08-001 update, released last week, but it takes time for enterprise users to test and install Microsoft's patches.

View: Full Article @ PC Advisor

Report a problem with article
Previous Story

Windows Server 2008 Developer Center now on MSDN

Next Story

Is Microsoft Cracking Down on DVD Ripping?

23 Comments

Commenting is disabled on this article.

*sigh* The patch may have been released before proof-of-concept code was released to the public, but what about when you need to reinstall, and you are so tired of Windows updates that you just don't do them? I'd gladly trade poor security on my personal computer for the huge amount of time it takes to do those. And then there's Office updates... Oh, right - XP SP3 or Vista SP1, right? Wait, aren't those both still in the Release Candidate stage? As much as I would like to slipstream them into my installation, I'd rather not waste my discs on something that is incomplete.

(rpgfan said @ #11)
*sigh* The patch may have been released before proof-of-concept code was released to the public, but what about when you need to reinstall, and you are so tired of Windows updates that you just don't do them? I'd gladly trade poor security on my personal computer for the huge amount of time it takes to do those. And then there's Office updates... Oh, right - XP SP3 or Vista SP1, right? Wait, aren't those both still in the Release Candidate stage? As much as I would like to slipstream them into my installation, I'd rather not waste my discs on something that is incomplete. :(

Huge amount of time?
You boot up, go to windows update, select everything, click install and go have your dinner/lunch/whatever. Job's done and it only has to be done ONCE per installation, after that it's once a month for a few mins and a restart.
Whereas how much time do you lose when you get a nasty virus that you can't easily get rid of?

And no doubt you're one of the first people to complain about insecurities and vulnerabilities and so on.

and also admins should update during off peak hours maybe once or at least twice a month,not doing it at all could create more downtime.admins that dont do there job right should be fired and told no pay for you as you failed our expectations,true downtime isint a good thing.

@soldier1st

Why all the patching during off-peak hours or the downtime. With WSUS 3.0, you just approve the patches to a test computer, fire it up as admin, run wuauclt.exe /detectnow, install the patches when it prompts you, test the computer. If all's well, you approve the patches for everything else, and the patches get installed the next time the workstations are shut down. Monitor for those that haven't had the patches applied the next day and go shut the offenders down at lunch time.

Problem solved.

The only difficulties are servers, they are the ones that have to be done in off-peak hours.

(gollux said @ #10.1)
@soldier1st

Why all the patching during off-peak hours or the downtime. With WSUS 3.0, you just approve the patches to a test computer, fire it up as admin, run wuauclt.exe /detectnow, install the patches when it prompts you, test the computer. If all's well, you approve the patches for everything else, and the patches get installed the next time the workstations are shut down. Monitor for those that haven't had the patches applied the next day and go shut the offenders down at lunch time.

Problem solved.

The only difficulties are servers, they are the ones that have to be done in off-peak hours.

+1, but i always just schedule the server updates during off peak, they install reboot themsleves and all good.. it really aint that hard

Hi,

Many folks do not patch their systems as they are simply unaware they need to. My experience has shown me this.

This issue may yet be exploited to become a widespread worm if a suitable attack can be developed. It could be on the scale of Sasser or similar when or if this happens.

Servers are often the last machines to be updated given their admins dislike for disturbing the status quo for production machines.

Kind Regards

Simon

(PsiMoon314 said @ #1)
Servers are often the last machines to be updated given their admins dislike for disturbing the status quo for production machines.

admins like that need to think about how much down time there production machines might have if exploited.

(warwagon said @ #3)
So you are saying you haven't installed any updates since service pack 2? If so WHY!!!!!!!!!!!!!???????????

Because he is being a hot dog!

(which don't have brains AFAIK)

I guess the researchers knew about it since before the patch and release it now once its fixed, maybe they found it early and contacted MS that patched it.

(Foub said @ #6)
As if it took all that much to crash Windows as it is.....

If your Windows installation crashes a lot, you must have a defect. (Or your Windows install does.)

"Microsoft patched the flaw in its MS08-001 update, released last week"

So how is it different to any other flaw that's been patched?

(gollux said @ #3.1)
Because when someone figures how to exploit the buffer overflow, it will very quickly become the "IGMP Ping of Compromise" among all the unpatched systems out there on the network that aren't properly firewalled. You have forgotten SASSER?

http://en.wikipedia.org/wiki/Sasser_worm

do you understand what patched a flaw means, it means if you have updated your system you wont get hit by it, nomatter what anyone figures out, oh yeah and someone already figured it out, thats why theres an article here...

i remember sasser, a fully patched sytem wasn't vulnerable!!!