Exploit Puts Windows 2000, XP at Risk

Microsoft warned on Thursday that exploit code had been published that would allow attackers to take advantage of vulnerabilities in both Windows XP Service Pack 1 and Windows 2000. The flaw has been given a "moderate risk" by the French Security Incident Response Team.

According to researchers, someone could launch a denial of service attack on Windows 2000 machines as long as he or she had access to the RPC port. The flaw is harder to exploit on Windows XP SP1, as the attacker would have to authenticate themselves in order to launch the DoS.

The vulnerability is not being considered a severe threat due to the fact the RPC port is usually behind a firewall, and the authentication issues with Windows XP.

"Microsoft is not aware of active attacks that use this vulnerability or of customer impact at this time," the company wrote in an advisory. "However, Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary."

No patch is currently available to fix the problem, but Microsoft recommended that users activate their firewalls and ensure their computers are up to date with the latest security updates.

Winny Thomas of Nevis Labs in India was able to create an exploit by reverse engineering a patch meant to fix a plug-and-play vulnerability within Windows, which was issued in October.

"In this exploit (again a DOS) the virtual memory is consumed to a point where desktop requests (like clicking "My Computer"), HTTP requests, SMB requests etc. do not get serviced for sometime," Thomas wrote in a message posted to the FrSIRT website. "After sometime the memory usage comes down and the target system would work as normal."

When only executed once, the exploit will simply result in a temporary denial of service, however it could be continuously executed in order to launch a sustained DoS attack.

Microsoft maintained its position in the advisory over security researchers releasing the details of vulnerabilities before the company has a chance to patch them.

"We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests," Microsoft argued. "This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed."