A virus or worm that exploits newly revealed vulnerabilities in the current versions of Windows could emerge fairly soon, security experts say, in part because the vulnerabilities are very similar to the flaws exploited by the MSBlast worm.
"This is essentially the same type of vulnerability," said Alfred Huger, senior director of engineering at Symantec Security Response. “We’re likely to see them (new viruses) in the near future.”
Code that exploits the vulnerability is already being exchanged between researchers, he said. A new virus could come out in the next few days, he added, if not sooner.
Robin Matlock, vice president of marketing at Network Associates, speculated that an exploit might take a few weeks. Still, “the gap between vulnerabilities and exploits is shrinking dramatically,” she said.
Microsoft has already issued a patch and a scanning tool that ensures systems are patched. The company and a host of security firms are urging businesses and consumers to apply the new software as soon as possible.
Both the patch and new scanning tool are necessary, according to Microsoft. If users download the new patch but have the old scanning tool, that tool will state that the PC has not been repaired, a Microsoft representative said.
A damaging outbreak could well hinge on how quickly people and institutions move to inoculate their PCs against potential attacks. Often, businesses and consumers can be slow to patch systems. A patch for the vulnerability that the MSBlast worm, also known as Blaster, exploited was available for three weeks before the first virus hit. Some businesses and several consumers had not applied the patch by then.
Keeping up with viruses is also a difficult, time-consuming job. "It is just impossible," said Matlock. Symantec president John Schwarz testified on Wednesday in front of a Congressional subcommittee on technology that approximately 450 new viruses are reported every month. On the other hand, the recent round of virus attacks is fresh in people’s minds, which may prompt them to act fast. The new vulnerability affects Windows NT 4.0, Windows 2000, Windows Server 2003 and Windows XP, including the 64-bit versions of Windows XP.
"The advantage we have here is that Blaster came out just a little while ago," Huger said.
There are three new vulnerabilities. Two allow hackers to launch a buffer overflow attack. With a buffer overflow, hackers can take control of a computer and implant unwanted programs.
The third is a denial-of-service flaw that affects a component known as the remote procedure call (RPC) process. The RPC process facilitates activities such as sharing files and allowing others to use a computer's printer. By sending too much data to the RPC process, an attacker can cause the system to grant full access to its resources.
