• PC World
• »Windows

The CERT Coordination Center at Carnegie Mellon University issued an advisory Tuesday calling attention to a recently disclosed security hole in Microsoft's Windows 2000 and Windows XP operating systems.

The buffer overrun vulnerability in the Workstation Service (a Windows component) is well-suited to exploitation by an Internet worm and would allow malicious hackers to attack and compromise vulnerable systems remotely, CERT said.

Patching the Problem

On Tuesday, Microsoft released a security bulletin that it classified as "critical," MS03-049, as well as a software patch for the Workstation Service vulnerability, and encouraged all customers to download and install the patch immediately.

The service, which is turned on by default in Windows 2000 and Windows XP systems, allows computers on a network to connect to file servers and network printers, Microsoft said.

The CERT Advisory, CA-2003-28, echoes Microsoft's recommendation that users apply the patch immediately and also encourages organizations to block ports 138, 139, and 445, which give outsiders access to a network using TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).

Security companies issued warnings to their customers about the new vulnerability, as well.

Internet Security Systems released a security brief on Tuesday that called the Workstation Service vulnerable "relatively easy to exploit," and warned that "exploits written to take advantage of standard [buffer overruns] are generally very robust, and good candidates for use in the creation of Internet worms."

Windows Messenger Worries

The CERT Advisory about the Workstation Service resembles an advisory the Pittsburgh-based organization issued in October after Microsoft revealed that a security hole in the widely deployed Windows Messenger Service allowed users on a network to display text messages in pop-up windows on a Windows user's desktop.

Like Workstation Service, Windows Messenger Service is enabled by default on many versions of Windows, and its buffer overrun vulnerability makes it an attractive target for malicious hackers and virus writers.

After releasing a patch for the Windows Messenger Service vulnerability, Microsoft said it would disable the feature by default in Service Pack 2 for Windows XP in an effort to protect computers from attacks.

Turning off Workstation Service will not be easy. The service must be enabled in order for computers on a network to connect to shared file servers or printers. Disabling the service disrupts a user's ability to log on to and browse computer networks, Microsoft said.

Microsoft and CERT said that disabling Workstation Service is a feasible alternative to applying the software patch only for stand-alone computers that are not on a network, such as those used by home users.