The Web    Google
Microsoft Battles Debugger Flaw, SQL Worm

Microsoft Battles Debugger Flaw, SQL Worm
May 23, 2002
Ryan NaraineBy

Microsoft (Quote, Chart) has issued a patch for a security flaw in the authentication tool for its debugging facility that could allow an attacker to take control of a user's system.

The latest security bulletin comes just days a software security firm detected the emergence of a new Microsoft SQL worm that is propagating on the Internet.

Debugger flaw
The newest patch, which was issued for Windows NT and 2000 users, targets a hole that would let an attacker run code as the operating system itself, Microsoft said.

"(The attacker) could take any action on the system including deleting data, adding accounts with administrative access, or reconfiguring the system. A successful attack requires the ability to logon interactively to the system, either at the console or through a terminal session," according to the bulletin.

Microsoft said the issue most directly affects client systems and terminal servers.

(For Windows NT 4.0, the patch can be downloaded . For Windows NT 4.0 Terminal Server Edition, find the patch and for Windows 2000, click ).

The Windows debugging tool allows programs to perform diagnostic and analytic functions on applications as they are running on the operating system. One of the tool's capabilities allows for a program, usually a debugger, to connect to any running program, and to take control of it. The program can then issue commands to the controlled program, including the ability to start other programs. These commands would then execute in the same security context as the controlled program.

MS SQL worm
Separately, reported that a new worm that has been found in the wild attacking all versions of Microsoft SQL Servers on port 1433. The security firm described the "Spida Worm" as a self-propagating attack program that discovers SQL Server on the default port 1433 and attempts to connect with a blank password.

"If successful, it takes control of the machine, collects sensitive information on the local server, and attempts to propagate to other SQL Servers," the company warned in an advisory.

Application Security said it has developed a fix for the "Spida Worm."

While news of vulnerabilities and fixes are very common in the software space, it is fast becoming a public relations nightmare for Microsoft. Just last week, the company was forced to issue a massive patch to fix six vulnerabilities within IE 5.1, 5.5 and 6.0 browsers.

The patch addressed a buffer overflow hole that could give an attacker complete control of a user's machine and another vulnerability that would let an attacker view files on an IE user's local drive. The patch was also needed to offset an HTML header manipulation hole that would allow an attacker to feed an executable file to a victim while causing it to appear to be a harmless text file, Microsoft said.

  • 9/9: Trojan.Riler Installs Itself As LSP
  • Mass-Mailing Worm Copies Itself to Windows Folder
  • 6/10: Agobot-JT Allows Unauthorized Access
  • Palyh and Fizzer Top Troublemakers in May
  • A New Breed of Phish
  • Secure Your Network Against Viruses, Spam
  • Another University Suffers Security Breach
  • Exploring Windows 2003 Security: IP Security
  • MyDoom Ends but Open Ports Attracting Mutants
  • Cisco Fixes a Pair of IOS Vulnerabilities
  • 7/20: Mydoom.L@mm a Mass-Mailing Worm
  • Security Camera News