Attacks on New Windows Flaws Expected Soon

Computerworld - Companies will have even less time than usual to properly protect themselves against attackers attempting to take advantage of three critical flaws in Windows software that were revealed last week by Microsoft Corp.
Because the flaws are nearly identical to the one that the Blaster worm exploited last month, users can expect to see copycat attacks in the very near future, according to several security experts. As a result, it's important for companies to patch their systems or otherwise protect themselves against the flaws as expeditiously as possible, they said.
That sentiment was echoed by the U.S. Department of Homeland Security, which last week warned of the "potential for significant impact on Internet operations" because of the vulnerabilities.
"DHS believes that exploits are being developed" for the new flaws, the agency said in a bulletin.
Some users took the warning seriously.
"I'm pretty certain that an attack will happen faster than it did with Blaster," said Mike Tindor, vice president of network operations at First USA Inc., an Internet service provider in St. Clairsville, Ohio. The company has already installed patches against the new threat and has also closed several ports that could be exploited in an attack.
"I think it's critical that people patch immediately when a new update comes out," said David Krauthamer, director of information systems at Advanced Fibre Communications Inc. in Petaluma, Calif. The telecommunications equipment manufacturer used Microsoft's automated Security Update Services to download and patch more than 200 servers against the new flaws last week.
The holes exist in the remote procedure call (RPC) protocol used by the Windows operating system. Two of them are buffer overrun vulnerabilities that could allow an attacker to take full administrative control of a victim's system. An attacker who exploited these flaws would be able to take a variety of actions, including installing malicious programs, deleting data or creating new accounts, according to Microsoft.
The third flaw is a denial-of-service vulnerability that could allow RPC services to hang and become unresponsive, according to Microsoft.
It's not difficult to develop exploits for the new holes, said Max Caceres, director of product management at Core Security Technologies, a Boston-based vendor of security software and services.
Core Security was able to write attack code capable of compromising systems in the manner described by Microsoft in a matter of hours after the bulletin was announced, he said.
"In this case, it was pretty fast because the vulnerabilities are very similar to the last one," Caceres said. "The attack vector is exactly the