Cafe Arcane

A cozy, caffeinated corner of the web

Chinese Program Exploits Windows

by ·

SEATTLE — A group in China released a program Friday that lets hackers exploit a flaw in Microsoft software and take over a victim’s computer over the Internet.  The program, released nine days after Microsoft announced the flaw, has turned an embarrassment for the company and inconvenience for customers into a near-emergency.  The program, posted on the group’s website, takes advantage of a vulnerability in nearly all versions of Microsoft’s Windows operating system, including Windows Server 2003, touted as Microsoft’s safest ever. The Redmond software giant has urged corporate and home users to download a free software fix, but many consumers — particularly companies with hundreds or thousands of computers at risk — probably have not yet done so, said Marc Maiffret, co-founder of eEye Digital Security of Aliso Viejo, Calif. “Three times a year, there are (flaws) this bad,” Maiffret said. “This is one of those times.”


The flaw, discovered by western Poland researchers called the “Last Stage of Delirium Research Group,” affects Windows technology used to share data files across computer networks. It can allow attackers to seize control of a victim’s computer, letting them steal data, delete files and access e-mails.

The flaw is an embarrassment to a company that has dedicated millions of dollars to its highly trumpeted Trustworthy Computing initiative, in which Microsoft has been emphasizing security in writing code.

The Chinese group, Xfocus, did not contact Microsoft before posting the sample code, said Jeff Jones, Microsoft’s senior director of Trustworthy Computing security.

“We continue to believe that publication of exploit code in cases like this is not good for customers,” Jones said.

Xfocus, described on its website as a nonprofit and free technology organization founded in 1998, did not immediately return an e-mail request for comment sent Friday by The Associated Press.

Russ Cooper, of Herndon, Va.-based TruSecure, questioned why the group chose to post the code. “I don’t understand the point behind doing this,” he said. “This isn’t healthy for the Net at all.”

So far, Microsoft has not heard of any instances of the code being used. Microsoft said companies with strong firewalls commonly block the type of data connections that outside hackers would need for such attacks.

But Cooper said there are other ways to breach firewalls. He said attackers could gain access by targeting legitimate users who connect into the computer network from an unsecured remote location.

He added that the code can be used to attack one site at a time, but that he expects someone will soon “make the leap to turn this code to a worm” that could attack Internet sites randomly, en masse.

Microsoft is offering more information and a patch on its website.

Tags:

You may also like...

Leave a Reply