The Web    Google
Exploit for Windows SSL Flaw Circulating

Exploit for Windows SSL Flaw Circulating
April 20, 2004
Ryan NaraineBy

Exactly a week after Microsoft (Quote, Chart) announced a SSL vulnerability affecting key Windows products, malicious hackers unveiled exploits that could lead to widespread denial-of-service attacks .

The exploit code, described in the underground as the "SSL Bomb," could allow specially crafted SSL packets to force the Windows 2000 and Windows XP operating systems to block SSL connections. On Windows Server 2003 machines, the code could cause the system to reboot, security experts warned.

The code targets a vulnerability outlined last Tuesday when the software giant released a flurry of "critical" patches to plug security holes.

According to an advisory from the SANS institute, the threat level could grow considerably if malicious attackers take control of unpatched servers and systems.

Microsoft has already issued a patch in its MS04 -001 advisory but the SANS institute believes it's only a matter of time before exploits with remote code execution appear in the wild.

SANS also warned of a variant of the Gaobot.XZ worm which has been actively scanning ports to try to explore an old vulnerability of the UPnP service, described in Microsoft Security Bulletin MS01-059.

"Judging by the recent variants, looks like the virus writers are trying, more than usual, to get unpatched machines, both exploring services and applications," the institute said in an alert.

The W32.Gaobot.ZX worm, first detected April 12, attempts to spread through networks with weak passwords, and allows attackers to access an infected computer using a predetermined IRC channel.

The worm targets multiple vulnerabilities to spread, including the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026); the WebDav vulnerability (described in Microsoft Security Bulletin MS03-007); and the Workstation service buffer overrun vulnerability (described in Microsoft Security Bulletin MS03-049).

  • Lawmakers: Spam Bill Is a Turkey
  • WiFi Security Concerns Easing
  • Anti-Spam Bill Clears Senate
  • 5/3: Kelvir-AM Worm Spreads Via IM
  • Buffer Overflows Patched in RealPlayer
  • Enforcer 3.1 Bars Unsanctioned IM, P2P Access
  • 8/23: MhtRedir-S Trojan Exploits Flaw
  • Sophos Small-Business Suite Fights Viruses, Spam
  • Look Out For 3-Headed Plexus Worm
  • Report: CEOs Stagnant on Security
  • 9/9: BackDoor-CEB.C Remote Access Trojan
  • Security Camera Product