Hunt for XP SP2 flaws seen in full swing
Hackers are picking apart the software update looking for vulnerabilities
IDG News Service - While users are testing Service Pack 2 (SP2) for Windows XP to prevent compatibility problems, hackers are picking apart the security-focused software update looking for vulnerabilities, security experts said.
"We will see new vulnerabilities discovered in SP2 over the next few weeks. Give it a month or two, and we will also see worms that affect SP2," said Thor Larholm, senior security researcher at PivX Solutions LLC, a security services company in Newport Beach, Calif.
SP2 represents real progress for Microsoft Corp. and underscores its commitment to security, according to industry observers. The update provides protection against most known security exploits. For example, the improved and automatically enabled Windows Firewall would block attacks such as the Blaster worm that crippled the Internet a year ago.
"A lot of the current attack vectors are blocked by SP2," Larholm said. "Folks are now trying to find new ways to plant code on a system. A lot of these new ways will use e-mail, instant messaging and Web traffic -- any kind of traffic that a PC requests from the outside world -- because that will go through the firewall without restrictions."
Also, Microsoft's new software-based memory-protection technology is apparently vulnerable, according to Larholm. The data execution prevention feature is meant to protect users against buffer overruns, but Microsoft appears to have implemented it poorly, providing an easy way for attackers to circumvent the protection, he said.
Although there will undoubtedly be vulnerabilities found in SP2, the bar for Windows security has been raised, and the operating system will be tougher to attack, said Russ Cooper, a senior scientist at TruSecure Corp. in Herndon, Va.
"We will always see new attacks, but at least Microsoft has put a stake in the ground and has said, 'Now this is enough.' The existing attacks have been stopped," he said.
Because of the new Windows Firewall, Cooper predicted that future attacks will target applications that require users to change their firewall configurations, essentially opening a door to their systems.
"If you see anything, you will see attacks that are more targeted at communities of users, such as [users of] Quake, Kazaa, BitTorrent, anything that has a listening service and requires a user to create a rule to bypass the firewall. That is where they are opening themselves up to attack," Cooper said.
Microsoft is currently unaware of any vulnerability in SP2, a company spokesman said. If a vulnerability is reported, the software maker will investigate it and determine the appropriate response. This could include providing an update as part of its monthly patch cycle oran out-of-cycle update, the spokesman said.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Cybersecurity for Dummies eBook This book provides an in-depth examination of real-world attacks and APTs, the shortcomings of legacy security solutions, the capabilities of next-generation firewalls, and...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different.... All Cybercrime and Hacking White Papers | Webcasts