
Bureau24 Newsflash, Computer Security News, Online News Service

DoS vulnerability in Windows published

A publicly available exploit demonstrates a vulnerability in Windows that could be used by a malicious user to crash Windows computers on the local network. No update is yet available. The bug occurs in the workstation service RPC function NetrWkstaUserEnum() if the function is called with too large a value in the MaxLen field. This causes svchost.exe to use all available memory and as a result, the service or computer hangs. The author of the exploit has tested the vulnerability on the Polish versions of Windows 2000 with service pack 4 and Windows XP SP2. Microsoft has not yet issued a response to the exploit. A workaround is available by blocking ports 139 and 445 in the firewall, but this will disable sharing on the network. The affected ports are usually shielded from the internet.

Christmas: the enemy of botnets

Apparently, Christmas helps to thwart botnet operators. According to observations made by several watchdog groups, the size of global botnets has abruptly decreased. Botnets are networks of thousands, to hundreds of thousands, of infected PCs, which are mostly running on Windows and are remotely controlled, often without the knowledge of their owners. Criminals use botnets to distribute spam mails and malware or to launch large attacks (DDoS) on other web servers or networks.

The ShadowServer Foundation, a consortium of several security specialists who watch botnets, malware and phishing activities, reported a drop in the count of zombie PCs from Saturday to Sunday of the past week from about 500,000 to just under 400,000. The Internet Storm Center DShield also recorded lower levels of activity; however, their counts only show a drop of about ten percent. These numbers can be explained by the replacement of old infected PCs with new PCs received as Christmas presents on Christmas Eve, which removes a large number of zombie PCs from the Net all at once. Although the new Windows PCs are not necessarily 100% up-to-date and must be updated accordingly, the firewall of Windows XP SP2 should provide a minimum of protection when connecting to the Internet for the first time, allowing users to update their systems.

However, it is highly probable that during the next few months a large number of these new PCs will be infected again with bots - probably when users have configured their e-mail clients and the first malware floods reach their inboxes.

Personal data hacked at Texas college

RICHARDSON, Texas - Hackers might have obtained the personal information of 6,000 people who worked for, applied to or attended the University of Texas at Dallas, school officials said Wednesday. The information includes names and Social Security numbers, the school said. In some cases, addresses, e-mail addresses and telephone numbers also might have been obtained. There is no indication that the information has been distributed or used, school officials said.

 

© 2006 Bureau 24, All Rights Reserved