By Robert McMillan
IDG News Service
Microsoft is warning users of malicious software that could be used to
attack Windows systems that lack the company's latest security
The exploit code targets a vulnerability in the Remote Access
Connection Manager (RASMAN) service, used by Windows to create network
connections over the telephone. The bug, which was patched June 13, is
rated critical by Microsoft, the most severe rating available.
Hackers published the code on Web sites late last week, and it is now
included in Metasploit, a hacking toolkit that is used by security
researchers and criminals alike.
The malicious software is not as dangerous as it could be. Most
firewalls will block it and it also requires that the hacker be
authenticated on the computer for it to work.
Still, Windows 2000 and Windows XP Service Pack 1 users need to be
wary because they could be the victims of particularly nasty attacks
that do not require authentication, Microsoft said.
"The current exploit code ... requires authentication, but the
underlying vulnerability does not," said Stephen Toulouse, a security
program manager with Microsoft's security response center.
For any attack to work on the latest versions of other Windows
systems, like XP or Windows Server 2003, the attacker would need to be
able to log on to the victim's machine, Microsoft said.
Hackers will likely use the malicious software in criminal attacks
since it is now in Metasploit, said Ken Williams, director of
vulnerability research with CA.
Complicating matters is the fact that some dial-up users have been
having problems with the patch.
Computers that use Window's dial-up scripting or terminal windows to
make connections may find that their dial-up connections no longer
work, according to Microsoft's alert.
Users who cannot install the patch immediately should disable the
RASMAN service, Microsoft said.
Over the past two weeks, Microsoft has also been contending with a
number of unpatched vulnerabilities in its Office and Excel software.
Microsoft has not yet patched the bugs, but it said Saturday that one
of them is now expected to be patched in its next round of security
updates, due July 11.
Microsoft's advisory on the malicious code can be found here.
The IDG News Service is a Network World affiliate.
All contents copyright 1995-2006 Network World, Inc.
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.