Hackers Exploit Windows Flaw

Program could produce denial of service attacks on affected PCs.

Paul Roberts, IDG News Service

Hackers have already found a way to take advantage of a critical security hole disclosed by Microsoft last week.

A short computer program that exploits the vulnerability, which was found in a common Windows component called the ASN.1 Library, was posted to the Internet over the weekend. However, one security expert says the exploit code does not pose a risk to confidential data stored on vulnerable systems.

Computer code for the program appeared on the French-language Web page www.k-otik.com, a popular outlet for software exploits, and was examined in online computer security discussion groups Saturday.

The program will cause machines using a vulnerable version of the ASN.1 Library to reboot, producing a so-called "denial of service" attack, says Neil Mehta, research engineer at Internet Security Systems.

However, the exploit program will not allow a remote attacker to run malicious code or access files on vulnerable machines. That makes it less dangerous than previous software exploits, such as the code that took advantage of a hole in the Distributed Component Object Model (DCOM) and preceded the Blaster worm, he says.

Under Attack

ASN, or Abstract Syntax Notation, is an international standard for representing different types of binary data such as numbers or strings of text. The ASN.1 Library is used by a wide range of Windows features and software, security experts say.

The ASN.1 exploit targets a Windows authentication protocol known as NT LAN Manager V2, or NTLMV2, that is used to authenticate users and allow them to connect to remote machines on a network. NTLMV2 is enabled by default on most Windows desktops and servers and can be reached through a number of communications ports on Windows machines using ASN.1 to encode the data that is sent back and forth, Mehta says.

The nature of the ASN.1 vulnerability makes it harder to exploit than the DCOM vulnerability because the attacker does not have control over the area of the computer's memory (or "heap") that is wiped out in the attack. That makes it difficult to produce reliable results on every vulnerable Windows machine, he says.

Cause for Concern?

However, there is some evidence that malicious hackers are working to refine the attack and produce a version of the exploit that will give attackers total control over vulnerable systems, says Ken Dunham, director of malicious code at IDefense in Reston, Virginia.

IDefense has been monitoring online Internet chat groups and has heard reports that an exploit for ASN.1 that gives attackers remote control of systems exists, but has not been released, he says.

Regardless of the danger posed by the exploit, the mere presence of code using the ASN.1 vulnerability should prompt most corporations to immediately patch any systems accessible from the Internet, and to follow by patching internal servers and desktops, Dunham says.

Systems protected by an Internet firewall are probably safe from attack for now. However, home users, especially those with broadband Internet connections, are vulnerable to attack, Mehta says.
