Gartner: Exploit code poses major security threat

21 Nov 2003

Newly discovered “exploit code” targeting Windows 2000 and XP poses a major MSBlast-class security threat to enterprise systems, the industry research firm Gartner has warned.

The code, which has been circulating on the internet in recent days, exploits a buffer overrun flaw in the Workstation Service feature that is enabled by default in Windows 2000 and Windows XP. Microsoft recently made a patch available for the vulnerability, which can be downloaded from its website.

Two versions of the exploit code have already been publicly released and, according to Gartner, improved versions are probably circulating as well. Scanning on the ports that allow access to the vulnerable service has been under way for months because the MSBlast worm attack of August 2003 affected the same ports.

Gartner analyst John Pescatore warned: “No actual attack is known to have occurred as yet, and predicting when or even if such an attack will occur is impossible.

“However, with the presence of both exploit code and scanning, enterprises must regard attacks as highly probable.

“Enterprises that use Windows XP or Windows 2000 should immediately check perimeter and personal firewalls and block the affected ports; deploy the available patch to all Windows servers and PCs as an urgent priority; and instruct all users of externally exposed laptops to call the help desk for instructions before plugging in to docking stations attached to local area networks,” Pescatore said.

Earlier this week, network systems and software maker Cisco led an industry initiative involving Network Associates, Symantec and Trend Micro that aims to develop systems and solutions that improve patch management by enterprises as well as improve authentication systems that help to crack down on worms and viruses. The firms, which together represent 92pc of the world’s installed base of corporate security systems and software, say they will eventually open up their knowledge to the rest of the software industry to help combat the rise in security threats.

By John Kennedy