
Security experts warn of new way to attack Windows.

December 10, eWEEK

Security experts have found a new way to exploit a critical vulnerability in Windows, one that evades a published workaround. Microsoft Corp. issued a patch for the vulnerability in November, but the security bulletin also listed several workarounds for the flaw, including disabling the Workstation Service and using a firewall to block specific UDP and TCP ports. Researchers at security company Core Security Technologies discovered a new attack vector that uses a different UDP port, so the malicious packets can still reach the vulnerable Workstation Service even when the listed ports are blocked. An attacker who successfully exploits the weakness could run code of their choice on the vulnerable machine. An attacker does not have to address computers on the network individually, but can broadcast the attack. Such a tactic could be used to create a worm that spreads faster than the SQL Slammer worm did last year. Microsoft urged customers to apply the patch. "Applying the patch does correct the problem," said Iain Mulholland, a security program manager for Microsoft.

Source: http://www.eweek.com/article2/0,4149,1408902,00.asp