Security researchers have released attack code that will crash Windows XP and Vista PCs that are susceptible to a recently patched bug in the operating system.
The code was released yesterday to security professionals who use Immunity’s Canvas computer security testing software. It causes the Windows system to crash but does not let the attacker run malicious software on the victim’s system. It is not available to the general public.
“It reliably crashes Windows machines,” said Dave Aitel, Immunity’s chief technology officer. “In fact, it blue-screened our print server by accident – this is a broadcast attack, after all.”
That’s the biggest concern for security experts who worry that a more dangerous attack may soon follow as researchers dig further into the vulnerability. The bug is particularly troublesome for two reasons. First, it affects a widely used Windows component that is turned on by default. Worse, no user interaction is required to trigger the flaw, meaning that it could be exploited in a self-copying worm attack.
The flaw lies in the way Windows processes network traffic that uses the Internet Group Management Protocol (IGMP) and the Multicast Listener Discovery (MLD) protocol, which are used to send data to many systems at the same time. The protocols are used by a range of applications including messaging, web conferencing and software distribution products.
For a worm attack to work, the attacker would have to send specially crafted packets to a victim’s machine, which could then allow the attacker to run unauthorised code on the PC. The worm could then spread from computer to computer within a LAN, but would generally be stopped from travelling to another network by a firewall.
A reliable exploit could be combined with malicious botnet software, giving attackers a way to expand their networks of infected computers. The flaw is rated critical for Windows XP and Vista systems, according to Microsoft.