The security world is abuzz with the damage potential of one of the security vulnerabilities patched recently by Microsoft. Security bulletin MS06-040 deals with a buffer overflow vulnerability in a service called "Server", which is present and running on Windows 2000, XP and 2003 operating systems. As the bulletin states
"An attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
The fear is that it could snowball into a mass-exploitation platform similar to what happened with Blaster, Slammer, CodeRed and Nimda. There is already news of a bot, which exploits this vulnerability to take control of the remote system, and use it as a zombie to launch co-ordinated attacks - most typically distributed denial of service attacks. Here's what Stephen Toulouse had to say at MS's security blog.
But here's why I think this is unlikely to happen, at least at the scale at which it is being hyped up:
1. Security awareness levels are much higher than they were in 2003 and earlier.
2. Most medium and large organizations have patch management systems in place, which would mostly automatically download and push the patches through.
3. On desktop systems, the Windows Automatic Update service, desktop firewalls and updated anti-virus software may combine to significantly mitigate the threat.
4. The security industry has a bit of a natural tendency to over-hype potential vulnerabilities. Recollect the buzz around the WMF vulnerability. Nothing came of it. Plus, we haven't had a really big worm since Blaster, so the scene is getting kind of boring.
About Me
- Kanwal K Mookhey
- Mumbai, India
- I run an IT Security consulting firm based out of India. We started off from scratch in 2001 when I was 21, and have offices in Mumbai, Bahrain, and UAE. The idea behind the blog is to share the stories of how we run the business, the deals we make, the deals that break, the heartburn, and the sheer joy.
The Ultimate Startup Guide
The Ultimate Startup Guide is an e-book that provides answers to all your questions related to starting and growing a business in India. Everything you wanted to know about entrepreneurship in India from ideation to registration to marketing to hiring. The book contains a large number of practical examples, anecdotes, interviews, and motivational material to help you get started, and to grow rapidly in a booming Indian economy. If you've got the idea, this book will help you through with the execution and realize your dreams.
Here are some of the key questions you will find answered in this book:
Details of the book are: Title: The Ultimate Startup Guide Author: Kanwal Mookhey Pages: 150 Additional: Companion CD contains numerous templates for building your business plan, calculating cashflow, preparing profit and loss, and balance sheets, preparing invoices, your resume and profile, marketing material, websites, contracts, and many other useful and motivational material. |
Tuesday, August 15, 2006
MS06-040 - Blaster redux? Probably not
Posted by Kanwal K Mookhey at 3:41 AM
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment