New Windows virus outbreak just a matter of days!

  Ben Avery 10:04 12 Sep 2003

Batten down your patches...

A virus or worm that exploits newly revealed vulnerabilities in the current versions of Windows could emerge fairly soon, security experts say, in part because the vulnerabilities are very similar to the flaws exploited by the MSBlast worm.

Alfred Huger, senior director of engineering at Symantec Security Response, said: ?This is essentially the same type of vulnerability. We?re likely to see them [new viruses] in the near future.?

Code that exploits the vulnerability is already being exchanged between researchers, he said. A new virus could come out in the next few days, he added, if not sooner.

Robin Matlock, vice president of marketing at Network Associates, speculated that an exploit might take a few weeks. Still, ?the gap between vulnerabilities and exploits is shrinking dramatically,? she said.

Microsoft has already issued a patch (click here)and a scanning tool that ensures systems are patched. The company and a host of security firms are urging businesses and consumers to apply the new software as soon as possible.

Both the patch and new scanning tool are necessary, according to Microsoft. If users download the new patch but have the old scanning tool, that tool will state that the PC has not been repaired, a Microsoft representative said.

A damaging outbreak could well hinge on how quickly people and institutions move to inoculate their PCs against potential attacks. Often, businesses and consumers can be slow to patch systems. A patch for the vulnerability that the MSBlast worm, also known as Blaster, exploited was available for three weeks before the first virus hit. Some businesses and several consumers had not applied the patch by then.

Keeping up with viruses is also a difficult, time-consuming job. ?It is just impossible,? said Matlock. Symantec President John Schwarz testified on Wednesday in front of a Congressional subcommittee on technology that approximately 450 new viruses are reported every month. On the other hand, the recent round of virus attacks is fresh in people?s minds, which may prompt them to act fast. The new vulnerability affects Windows NT 4.0, Windows 2000, Windows Server 2003 and Windows XP, including the 64-bit versions of Windows XP.

?The advantage we have here is that Blaster came out just a little while ago,? Huger said.

There are three new vulnerabilities. Two allow hackers to launch a buffer overflow attack. With a buffer overflow, hackers can take control of a computer and implant unwanted programs.

The third is a denial-of-service flaw that affects a component known as the remote procedure call (RPC) process. The RPC process facilitates activities such as sharing files and allowing others to use a computer's printer. By sending too much data to the RPC process, an attacker can cause the system to grant full access to its resources.

  Gaz 25 11:06 12 Sep 2003

Very true,

A simalar MS blast worm could do the same, all it has to do is be coded to exploit the different parts of the RPC system.

Microsoft and security expert Mark Richards say the patch should be installed quickly before virus creaters change the MS BLAST worm to exploit the new parts.


  mammak 13:05 12 Sep 2003

Ben Avery,thanks got it yesterday, we are being kept on our toe,s are we not,thanks again Mammak.

  anchor 13:34 12 Sep 2003

Just a note for those running Windows ME; the problem referred to by Ben Avery does not apply.

However, you should still run Windows update, and install whatever security patches are recommended. Antivirus definitions should also be regularly updated.

Note: Windows 98, Windows 98 Second Edition (SE), and Windows 95 also are not affected by this issue. However, these products are no longer supported by Microsoft.

  Ben Avery 13:45 12 Sep 2003

As stated in my original thread:

"The new vulnerability affects Windows NT 4.0, Windows 2000, Windows Server 2003 and Windows XP, including the 64-bit versions of Windows XP."

That excludes those otehrs you mentioned. :o)


  alcudia 14:21 12 Sep 2003

Thanks for the warning. 35 machines to patch, again. (Done mine)

  Ben Avery 14:24 12 Sep 2003

So you get the joy of sorting out your work's PC's too eh? Yeah, better make sure the others here have actually patched up this one too.


  anchor 16:35 12 Sep 2003

Yes, I did see it in your original thread.

However, I felt that possibly the fact that it did not effect users of Win-ME, (and earlier versions of Windows), "might" have been lost in your most detailed explanation.

Many members of this forum still use pre-XP versions of Windows, and therefore should not be unduly alarmed by this new threat.

  Ben Avery 16:47 12 Sep 2003

I'm pre-XP myself. Unfortunately though, my pre-XPness is in the form of windows 2000 so I still needed to patch! :o)


  alcudia 16:58 12 Sep 2003

During the last outbreak of this thing not one of our machines got the virus although I was not exactly on the ball in patching them. (35 machines all XP Pro)

Could the fact that the machine running our proxy server is Win98 be the reason for this, because it is being put out to grass next week and will be replaced with a new XP machine.

If so I had better be more careful in future.

Just wondered what you thought.

  Ben Avery 22:46 12 Sep 2003

I suppose that it's possible that that could styop it? I'm really not sure though, good question! Anyone? I'm intrigued now!

One thing IS for sure though, when you run a server on XP you will have to be more on the ball! Use that automatic critcal update function and you should get warned in plenty of time to beat the virus'


This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Moto G6 Play Review: First Look

iPad 9.7in (2018) review

Comment utiliser Live Photos ?