New Windows virus may hit soon

A worm or virus that exploits newly revealed vulnerabilities in the current versions of Windows could emerge fairly soon, security experts say.

Michael Kanellos Staff Writer, CNET News.com

Michael Kanellos is editor at large at CNET News.com, where he covers hardware, research and development, start-ups and the tech industry overseas.

See full bio

Michael Kanellos

Sept. 16, 2003 4:39 p.m. PT

2 min read

It?s going to be another patch race.



		Reader Resources Patch wizard Apply the patch now

A virus or worm that exploits newly revealed vulnerabilities in the current versions of Windows could emerge fairly soon, security experts say, in part because the vulnerabilities are very similar to the flaws exploited by the MSBlast worm.

?This is essentially the same type of vulnerability,? said Alfred Huger, senior director of engineering at Symantec Security Response. ?We?re likely to see them (new viruses) in the near future.?

Code that exploits the vulnerability is already being exchanged among researchers, he said. A new virus could come out in the next few days, he added, if not sooner.

Robin Matlock, vice president of marketing at Network Associates, speculated that an exploit might take a few weeks. Still, ?the gap between vulnerabilities and exploits is shrinking dramatically,? she said.

Microsoft has already issued a patch and a scanning tool that ensures that systems are patched. The company and a host of security companies are urging businesses and consumers to apply the new software as soon as possible.

Both the patch and new scanning tool are necessary, according to Microsoft. If people download the new patch but have the old scanning tool, that tool will state that the PC has not been repaired, a Microsoft representative said.

A damaging outbreak could well hinge on how quickly people and institutions move to inoculate their PCs against potential attacks. Often, businesses and consumers can be slow to patch systems. A patch for the vulnerability that the MSBlast worm, also known as Blaster, exploited was available for three weeks before the first virus hit. Some businesses and several consumers had not applied the patch by then.



		News.commentary Patch priorities Patching security vulnerabilities is a major headache. Forrester offers guidelines for tackling this ever more important job.

Keeping up with viruses is also a difficult, time-consuming job. ?It is just impossible,? said Matlock. Symantec President John Schwarz testified on Wednesday in front of a congressional subcommittee on technology that approximately 450 new viruses are reported every month. On the other hand, the recent round of virus attacks is fresh in people?s minds, which may prompt them to act fast. The new vulnerability affects Windows NT 4.0, Windows 2000, Windows Server 2003 and Windows XP, including the 64-bit versions of Windows XP.

?The advantage we have here is that Blaster came out just a little while ago,? Huger said.

There are three new vulnerabilities. Two allow hackers to launch a buffer overflow attack. With a buffer overflow, hackers can take control of a computer and implant unwanted programs.

The third is a denial-of-service flaw that affects a component known as the remote procedure call (RPC) process. The RPC process facilitates activities such as sharing files and allowing others to use a computer's printer. By sending too much data to the RPC process, an attacker can cause the system to grant full access to its resources.