After buggy patch, criminals exploit Windows flaw

Microsoft had to re-release its MS010-025 security update -- now it's being exploited by hackers

Robert McMillan (IDG News Service)
03 June, 2010 06:11
Comments

Online criminals are scanning the Internet and attacking Windows 2000 machines that haven't had a recent Windows Media Service patch installed, Symantec said Wednesday.

Symantec first spotted the attacks on Monday, saying that they are extremely limited. Symantec's detection network picked up just a handful of attempts, but the code used in the attacks is new and gives hackers a way to take over a system.

The attacks are the latest development in a troublesome patch for Microsoft. The company released its MS010-025 update on April 13, but was forced to reissue the patch two weeks later after discovering that its original patch didn't fix the problem.

The Metasploit open-source hacking toolkit has published code that exploits the flaw, but whoever is behind these attacks isn't using that software, Symantec Security Intelligence Manager Joshua Talbot, said in an interview Wednesday. "Somebody's done some homework on their own and developed their own exploit," he said.

When the attack works -- Symantec says that it often doesn't and simply causes the victim's computer to crash -- the attacker uploads several password logging tools, and also enables remote desktop access.

Because the attack only works on Windows 2000 users who have not blocked the Windows Media Service's port 1755 at the firewall, the vast majority of Microsoft's customers have nothing to fear.

"It's interesting to know that someone out there is taking the time to write an exploit for this and then scan for uncommon configurations," Talbot said. "People should keep that in mind, even though this isn't necessarily a very high-profile issue."

Microsoft couldn't immediately be reached for comment about the attacks.

Robert McMillan can be reached at robert_mcmillan@idg.com. He is on Twitter at: http://twitter.com/bobmcmillan

Nominations for the 2012 ARN IT Industry Awards open on Tuesday, June 12.

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email ARN
Follow ARN on twitter

More about: etwork, Microsoft, Symantec

References show all

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Coverage

Related Whitepapers

Latest Stories

Community Comments

"I would not recommend Aranez iPad case or the manufacturer. I purchased ..."

PRODUCTS: Aranez announces K-Leather iPad 2 case
"Slt peut tu expliquer comment intaller ou mettre en place le mteur ..."

Italian mathematician prepares to challenge Google
""Amsellem said Facebook, flush with cash from its recent IPO, could purchase ..."

Facebook could buy Nokia to build 'FacePhone', expert claims
"Anxiety is a normal part of life but when it becomes excessive ..."

It's not all Doom at new media conference
"This article touches on some of the points of Cloud security. Seems ..."

Tech Watch: Who watches the datacentre?

Tags: patching, security, symantec, windows 2000

ARN Directory | Distributors relevant to this article

Anyware Corporation , Aquion , ASI Solutions , Bluechip Infotech , Compucon Computers , Dicker Data , Express Data , Express Online , ICT Distribution , Impact Systems Technology , Leader Computers , Lynx Technologies , NewLease , Synnex Australia , Topstar Computer International , XiT Distribution , Xpress I.T.

ARN Directory | Vendors relevant to this article

Symantec

Most Read

Get exclusive access to ARN's news, research and invitation only events.

Latest Jobs

FTIT Account Manager - System Integrator - Career Progression - Start ImmediatelyNSW
FTSAP Basis ConsultantACT
FTChange Management ProfessionalsNSW
FTQM Trainer and ConsultantNSW
FTSales Account ManagerNSW
CCSAP FICO ConsultantNT
CCSAP PM ConsultantNSW
FTSAP Basis ConsultantNSW
FTSales Account ManagerNSW
CCOBIEE ConsultantWA
CCAPAC Campaign ManagerNSW

Most Commented

ARN Distributor Directory

Find distributors by name | vendor | location

Channel Deals

/deals/avg/213_avg-internet-security-3-pc-2-year-10-pack-reta

AVG (AU/NZ) Pty Ltd

AVG Internet Security 2012 10 Pack Retail Specials

More details »

ARN Vendor Directory

Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Featured Resources

Premier Media Group Fast Study

A Fast Study is a succinct, easy to read Case Study. Spectra Logic aims to provide an overview of how to obtain the right solution for data archive, backup and recovery.

Most Popular Resource Papers

Market Potential-Strategy Guide to the Active Archive Market

The active archive market is a growing segment where tape is seen as part of a disk or network fileystem. This means that to an end user disk and tape are “blended” and whether file is held on disk or tape is “invisible” to the end user. The active archive market is the fastest growing space in the storage industry and allows direct end user access to tape through a file system front end.

Popular tags: Business Management, Security, Data Centre, Storage, Master Data Management