Security experts fear major attack on Windows systems
The Microsoft flaw

The flaw involves a potential buffer overflow in a Windows remote procedure call (RPC) interface, at the point where it communicates with Microsoft’s Distributed Component Object Model (DCOM) software in the operating system.

RPC provides a communication mechanism that allows a program running on one computer to seamlessly execute code on a remote system. However, there is a vulnerability involving message exchange over TCP/IP networks, including the Internet.

Specifically, the flaw is caused by incorrect handling of malformed messages that could be exploited in a buffer overflow attack. If successful, the attacker would be able to take full control of the targeted system.

“The [flaw] is due to insufficient bounds checking of client DCOM object activation requests. Exploitation of this issue could result in execution of malicious instructions with local system privileges on an affected system,” notes security software giant Symantec in a security alert.
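To make the phrase “insufficient bounds checking” concrete, here is an added illustration in C; it is not Microsoft’s RPC code and the wire format it parses (a 2-byte length followed by the payload) is an assumption invented for the example, not the real DCOM activation-request encoding. It places a vulnerable parser, which validates the declared length only against the message, next to a hardened one that also validates it against the destination field, and uses a sentinel region to show what the missing check lets through.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed wire format for this example (an assumption, not the real
 * RPC/DCOM encoding): a 2-byte big-endian length, then that many payload bytes. */

#define FIELD_MAX   16   /* bytes the receiver reserves for the payload field     */
#define RECORD_SIZE 64   /* whole receiver record: the field plus what follows it */
#define SENTINEL    0xA5 /* stands in for whatever state really follows the field */

/* Prepare a record: zeroed field, sentinel bytes in the adjacent state. */
static void record_init(unsigned char rec[RECORD_SIZE]) {
    memset(rec, 0, FIELD_MAX);
    memset(rec + FIELD_MAX, SENTINEL, RECORD_SIZE - FIELD_MAX);
}

/* 1 if nothing after the field was touched, 0 if the write reached it. */
static int state_intact(const unsigned char rec[RECORD_SIZE]) {
    for (size_t i = FIELD_MAX; i < RECORD_SIZE; i++)
        if (rec[i] != SENTINEL) return 0;
    return 1;
}

/* Read the declared payload length; -1 if the message itself is truncated. */
static long declared_length(const unsigned char *msg, size_t msg_len) {
    if (msg_len < 2) return -1;
    size_t declared = ((size_t)msg[0] << 8) | msg[1];
    if (declared > msg_len - 2) return -1;   /* declared more than was sent */
    return (long)declared;
}

/* Vulnerable pattern: the declared length is checked against the message
 * but never against the destination field, so a message declaring more than
 * FIELD_MAX bytes writes past the field into whatever follows it. */
int parse_unchecked(unsigned char rec[RECORD_SIZE], const unsigned char *msg, size_t msg_len) {
    long declared = declared_length(msg, msg_len);
    if (declared < 0) return -1;
    memcpy(rec, msg + 2, (size_t)declared);  /* missing bounds check */
    return (int)declared;
}

/* Hardened pattern: reject any payload that does not fit the field. */
int parse_checked(unsigned char rec[RECORD_SIZE], const unsigned char *msg, size_t msg_len) {
    long declared = declared_length(msg, msg_len);
    if (declared < 0) return -1;
    if (declared > FIELD_MAX) return -2;     /* the bounds check the flaw lacked */
    memcpy(rec, msg + 2, (size_t)declared);
    return (int)declared;
}

/* Build a constructed message that declares payload_len bytes of 'A'. */
static size_t build_message(unsigned char *out, size_t payload_len) {
    out[0] = (unsigned char)(payload_len >> 8);
    out[1] = (unsigned char)(payload_len & 0xFF);
    memset(out + 2, 'A', payload_len);
    return payload_len + 2;
}

/* Run one parser over a constructed message and report the outcome:
 *   1  payload accepted and the adjacent state is intact
 *   0  payload accepted but the adjacent state was overwritten
 *  -1  message rejected */
int outcome(int use_bounds_check, size_t payload_len) {
    unsigned char rec[RECORD_SIZE];
    unsigned char msg[RECORD_SIZE + 2];
    /* Keep the demonstration inside rec[]; a real overflow would keep going. */
    if (payload_len > RECORD_SIZE) return -1;
    size_t n = build_message(msg, payload_len);
    record_init(rec);
    int rc = use_bounds_check ? parse_checked(rec, msg, n) : parse_unchecked(rec, msg, n);
    if (rc < 0) return -1;
    return state_intact(rec);
}

int main(void) {
    printf("unchecked, 12-byte payload: %d\n", outcome(0, 12));  /* 1 */
    printf("unchecked, 40-byte payload: %d\n", outcome(0, 40));  /* 0: state clobbered */
    printf("checked,   40-byte payload: %d\n", outcome(1, 40));  /* -1: rejected */
    return 0;
}
```

The sentinel region is only a visible stand-in: in a real process the bytes after a fixed buffer are return addresses, function pointers or other data the program trusts, which is why the article's sources describe the consequence as code execution with local system privileges rather than a mere parse error. The fix is the single comparison against the destination size, applied before the copy.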

Microsoft’s RPC protocol is derived from the Open Software Foundation’s (OSF) RPC specification, but includes some Microsoft specific extensions.

4 August 2003

Security experts are bracing themselves for a string of large-scale attacks on Microsoft Windows-based PCs and servers after a number of tools were posted on a security mailing list.

The tools first appeared on Saturday on the Full Disclosure security mailing list.

The threat is so severe that security software giant Symantec has pinned a “high” risk label to its warning and advertised it prominently on its web site.

The security flaws affect Windows NT 4.0, Windows 2000, Windows XP and Windows Server 2003, which was only launched in April. It is unclear whether Windows 95 and 98 are affected or not as the company has discontinued support for these operating systems.

On its own, the flaw might not seem too serious. However, hackers are known to be working on an “exploit”, an automated tool that can scan the Internet for potentially vulnerable systems and run code against them that can take advantage of the flaw and deliver control of the system to a hacker.

In this way, they could potentially take charge of thousands of Internet connected systems, including, for example, servers running ecommerce applications and holding sensitive financial data such as credit card numbers, as well as PCs running Windows XP.

“Exploit development is continuing, but at this time there is no evidence that successful worms have been developed,” warned Symantec in a security alert.

Microsoft released a patch as long ago as 16 July, but fears that too many systems remain unpatched. Furthermore, when systems are taken down and the operating system reinstalled, systems administrators often forget to install the accompanying patches as well.

In this way, critical security vulnerabilities can resurface months or years after patches have been issued.

Links:
Microsoft Security Bulletin
Microsoft’s technical explanation


Ben Rossi

