Microsoft Battles Debugger Flaw - SQL Worm

Posted by: Anonymous

Microsoft Battles Debugger Flaw - SQL Worm - 05/24/02 01:06 PM

Microsoft (NASDAQ:MSFT) has issued a patch for a security flaw in the authentication tool for its debugging facility that could allow an attacker to take control of a user's system.

The latest security bulletin comes just days a software security firm detected the emergence of a new Microsoft SQL worm that is propagating on the Internet.

Debugger flaw
The newest patch, which was issued for Windows NT and 2000 users, targets a hole that would let an attacker run code as the operating system itself, Microsoft said.

"(The attacker) could take any action on the system including deleting data, adding accounts with administrative access, or reconfiguring the system. A successful attack requires the ability to logon interactively to the system, either at the console or through a terminal session," according to the bulletin.

Microsoft said the issue most directly affects client systems and terminal servers.

(For Windows NT 4.0, the patch can be downloaded here. For Windows NT 4.0 Terminal Server Edition, find the patch here and for Windows 2000, click here).

The Windows debugging tool allows programs to perform diagnostic and analytic functions on applications as they are running on the operating system. One of the tool's capabilities allows for a program, usually a debugger, to connect to any running program, and to take control of it. The program can then issue commands to the controlled program, including the ability to start other programs. These commands would then execute in the same security context as the controlled program.

MS SQL worm
Separately, Application Security, Inc. reported that a new worm that has been found in the wild attacking all versions of Microsoft SQL Servers on port 1433. The security firm described the "Spida Worm" as a self-propagating attack program that discovers SQL Server on the default port 1433 and attempts to connect with a blank password.

"If successful, it takes control of the machine, collects sensitive information on the local server, and attempts to propagate to other SQL Servers," the company warned in an advisory.

Application Security said it has developed a fix for the "Spida Worm."

While news of vulnerabilities and fixes are very common in the software space, it is fast becoming a public relations nightmare for Microsoft. Just last week, the company was forced to issue a massive patch to fix six vulnerabilities within IE 5.1, 5.5 and 6.0 browsers.

The patch addressed a buffer overflow hole that could give an attacker complete control of a user's machine and another vulnerability that would let an attacker view files on an IE user's local drive. The patch was also needed to offset an HTML header manipulation hole that would allow an attacker to feed an executable file to a victim while causing it to appear to be a harmless text file, Microsoft said.

http://WWW.INTERNETNEWS.COM