Exploit revealed for MS vulnerability

Posted on 17 Oct 2005 at 10:30

Security firm Immunity says it has discovered a way to exploit a vulnerability exposed in last Tuesday's Microsoft security update. The 'proof of concept' exploit means that it is much more likely that a potential hacker will write malicious code that could wreak havoc with unpatched systems.

The exploit relates to the Microsoft Distributed Transaction Coordinator (MDTC), which is mostly used in database transactions, and principally affects users of Windows 2000. The revelation of a similar flaw in this operation led to the outbreak of the Zotob worm earlier this year.

While the use of Windows 2000 is declining as companies move over to Windows XP, there is still a large installed base of Windows 2000 in larger companies using older machines. As the Zotob outbreak proved, there is still enough of a critical mass of Windows 2000 machines out there to provoke a chain reaction of infections.

The situation is made slightly worse because the upgrade of Windows 2000 Servers has been slower than the client versions. As luck would have it, MDTC is switched on by default in the Server version but switched off in the client.

Microsoft is recommending that all Windows 2000 users should apply the patch immediately if they have not already done so. More details are in the recent Microsoft Security Bulletin.

Author: Steve Malone