Critical Vulnerabilities for Businesses Using Microsoft Windows
What are the Vulnerabilities?
There are two critical vulnerabilities for businesses using Microsoft Windows. Both vulnerabilities affect Microsoft's Remote Procedure Call implementation. Specific systems affected are:
* Microsoft Windows NT 4.0
* Microsoft Windows NT 4.0 Terminal Services Edition
* Microsoft Windows 2000
* Microsoft Windows XP
* Microsoft Windows Server 2003
* Various Nortel Networks Systems
Root Exploit
The first exploit allows an attacker to gain complete control over the system. Programs have been written to exploit this vulnerability, and include code that allows the installation of a "Back Door," which allows continued control and monitoring of a compromised system.
Denial of Service
The second exploit is said to also allow compromise of a system. Microsoft claims that it should only cause a "Denial of Service." Denial of Service (or DOS) attacks render affected computers unusable.
What to do?
* Block remote access to
o TCP/UDP Port 135
o TCP/UDP Port 139
o TCP/UDP Port 445
* Install Microsoft's patch described in Bulletin MS03-026
Concerns
The security community sees these vulnerabilities as potentially worse than January 2003's the Sapphire/Slammer Worm which infected 90 percent of vulnerable hosts within 10 minutes of its release. It interfered with ATMs, airlines, elections and general business operations, costing businesses more than $1 billion in its first five days.
Even though firewalls can close access from external hackers, businesses are still vulnerable. Internal employees, which account for the majority of security compromises, and already compromised machines can still exploit the vulnerabilities. Only a multi-tiered security defense system can provide proper protection.
Buat study sikit... mungkin boleh jumpa cam mana nak masuk guna lubang-lubang tuh...
|
Linear Mode
