| Submit your comments on this article |
| Science & Technology |
| Critical Windows bug could make worm meat of millions of high-value machines |
| 2012-03-17 |
| Microsoft has plugged a critical hole in all supported versions of Windows that allows attackers to hit high-value computers with self-replicating attacks that install malicious code with no user interaction required. The vulnerability in the Remote Desktop Protocol is of particular concern to system administrators in government and corporate settings because they often use the feature to remotely trouble-shoot e-mail servers, point-of-sale terminals and other machines when they experience problems. RDP is also the default way to manage Windows machines that connect to Amazon's EC2 and other cloud services. That means potentially millions of endpoints are at risk of being hit by a powerful computer worm that spreads exponentially, similarly to the way exploits known as Nimda and Code Red did in 2001. "This type of vulnerability is where no user intervention or user action is required and an attacker can just send some specially crafted packets or requests, and because of which he or she can take complete control of the target machine," Amol Sarwate, director of Qualys' vulnerability research lab, said in an interview. While RPD is not enabled by default, he said the number of machines that have it turned on is a "big concern" because it is so widely used in large organizations and business settings. The bug affects Windows XP and all versions of Windows released since, including the developer preview of Windows 8. It was privately reported by Luigi Auriemma, an Italian security researcher who frequently focuses on vulnerabilities in industrial control systems and SCADA, or supervisory control and data acquisition, systems used to control dams, gasoline refineries, and power plants. Microsoft said there's no indication the vulnerability is being used in the public to attack Windows users at the moment, but the company predicts that could change. I wonder if that patch was delayed until after Iran's nuclear development got pwned? |
| Posted by:Bright Pebbles |
| #2 The worm is called CVE-2012-0002 and the fix is MS12-020. |
| Posted by: Thriling Jomons3297 2012-03-17 18:12 |
| #1 It gets worse. The exploit code for this bug has been apparently leaked by either Microsoft or one of Microsoft's partners: Here's a link to The Register (UK) |
| Posted by: crosspatch 2012-03-17 14:23 |