More attack code surfaces for recent MS security holes
Any Windows XP, 2000 or Server 2003 machine running apps using SSL is vulnerable
April 26, 2004 12:00 PM ETIDG News Service -
Just days after Microsoft Corp. warned its customers about the release of code that can exploit a hole in its Secure Sockets Layer (SSL) library, new code that claims to exploit another recently disclosed hole surfaced on a French-language Web site.
The computer code can be used by a remote attacker to trigger a buffer overrun vulnerability in the Local Security Authority Subsystem (LSASS), according to a message posted to www.k-otik.com. Microsoft released a patch for the LSASS vulnerability, MS04-011, on April 13, along with fixes for the SSL problem and a number of other vulnerabilities (see story).
The code was released on Saturday, according to the K-Otik Web site, which hosts the exploit. It was unclear today whether the exploit code works, but notes attached by its author say some modifications may be necessary before the code can be used by a remote attacker to compromise Windows machines.
LSASS is used to authenticate users locally and in client/server environments. LSASS also has features used by Active Directory utilities. An attacker who could exploit the LSASS vulnerability could remotely attack and take total control of Windows 2000 and Windows XP systems, according to Microsoft.
Unlike e-mail worms and viruses, no user interaction would be necessary to trigger the LSASS buffer overflow, according to Johannes Ullrich, chief technology officer at the SANS Institute's Internet Storm Center.
The Internet Storm Center hasn't received any reports of the LSASS exploit code being used to compromise Windows systems on the Internet, he said.
Internet Security Systems Inc. is also aware of the new code but said it doesn't pose an immediate threat because it requires modification to work on computer networks. "The exploit is unreliable and not for use in the wild," said Neel Mehta, a research engineer at ISS.
But that's not true for exploit code that targets the Microsoft SSL hole, which was released last week. ISS has seen a significant number of exploits using that flaw since Wednesday, Mehta said -- activity that is often a precursor to an exploit being used by a worm.
The Internet Storm Center has received "a couple" of reports from organizations that had Windows systems attacked using that code, which leaves a unique signature in computer logs on compromised machines. The attacks were isolated and don't appear to be linked to a worm or virus outbreak. However, there is evidence that malicious hackers have coupled the SSL exploit code with automated scanning tools, Ullrich said.
"It looks like, in some cases, all affected servers in part
Reprinted with permission from
Story copyright 2009 International Data Group. All rights reserved.
Additional Resources


White Papers & Webcasts
Centralized Data Backup and Your WAN
Is your organization prepared to tackle the massive challenge of protecting your data in a cost effective and timely manner? With a growing...
Why Compliance Pays
This OnDemand webcast explores the relationship that firms with best compliance records have higher revenue, greater customer retention, lower financial losses from data...
An All-in-One Approach to Web Security
Granting web access to employees poses challenges to IT administrators and introduces unique security risks. Even as companies have perfected their security techniques...
Best Practices for Managing Business Risks from the Use of IT
(Source: Symantec) Based on exhaustive benchmarks conducted by the IT Policy Compliance, this session highlights the relationship between business risks and use of...
The Hidden Dangers of Spam
Beyond the well-understood productivity drain that spam inflicts on businesses, threats posed by illicit email circulating through a network are causing many security...
Managing And Protecting Your Ever Increasing Mobile Assets
(Source: Absolute Software) Your users are becoming more mobile each day. This is great for productivity - yet challenging for IT control. Natalie...
Open Source Security Myths Dispelled
(Source: Astaro) Open Source Software is computer software whose source code is available to the general public. This openly viewable nature...
Sun OpenSSO Enterprise Webinar
(Source: Sun) This webinar replay discusses Sun OpenSSO Enterprise innovation--the single, open-source solution that helps your business solve the challenges around internal access...
Best Practices for Backing Up VMware® with Veritas NetBackup™
VMware® is used by enterprises large and small to increase the efficiency and cost-effectiveness of their IT operations. With this in mind, Symantec...
Agile Enterprise Content Management (ECM) for Rapid ROI
(Source: IBM) Content rich business processes are a core feature of daily operations at just about any organization today. Very often these essential...
Subscribe to Computerworld
