Critical Vulnerabilities for Businesses Using Microsoft WindowsThere are two critical vulnerabilities for businesses using Microsoft Windows. Both vulnerabilities affect Microsoft's Remote Procedure Call implementation. Specific systems affected are:
Root ExploitThe first exploit allows an attacker to gain complete control over the system. Programs have been written to exploit this vulnerability, and include code that allows the installation of a "Back Door," which allows continued control and monitoring of a compromised system.
Denial of ServiceThe second exploit is said to also allow compromise of a system. Microsoft claims that it should only cause a "Denial of Service." Denial of Service (or DOS) attacks render affected computers unusable.
What to do?
ConcernsThe security community sees these vulnerabilities as potentially worse than January 2003's the Sapphire/Slammer Worm which infected 90 percent of vulnerable hosts within 10 minutes of its release. It interfered with ATMs, airlines, elections and general business operations, costing businesses more than $1 billion in its first five days. Even though firewalls can close access from external hackers, businesses are still vulnerable. Internal employees, which account for the majority of security compromises, and already compromised machines can still exploit the vulnerabilities. Only a multi-tiered security defense system can provide proper protection.
See Also
|
For information on reproducting articles on this site, visit http://www.esecurityguy.com/reproduction