Microsoft, NIPC Remind Users to Apply Service Packs
- By Scott Bekker
- March 09, 2001
A string of
intrusions by Eastern European hackers are giving the National Infrastructure Protection Council (NIPC)
and Microsoft Corp
. ample opportunity
to patch their Windows systems. The series of attacks have resulted in the
theft of over a million credit card numbers and affected more than 40
took advantage of vulnerabilities in the Windows NT operating system and
applications. All of the vulnerabilities had been patched by Microsoft, but
administrators had failed to apply the patches.
Microsoft and the NIPC have issued warnings regarding the intrusions and about
the vulnerabilities. The NIPC is investigating the break-ins.
Most of the
vulnerabilities are related to web services and SQL server. In some cases, the
vulnerabilities offer intruders broad access to system data and functionality.
vulnerability allows unauthorized access to IIS through Open Database
Connectivity (ODBC) through Microsoft’s Remote Data Service feature. Once a
system is infiltrated, intruders can execute shell commands on the IIS server,
giving them access to unpublished resident data.
vulnerability affects SQL Server 7.0 and Microsoft Data Engine. Using malicious
queries, users can take unauthorized actions on the server, perhaps giving them
access to sensitive data.
method of stealing information involves resetting registry permissions on NT
4.0 Server and NT 4.0 Workstation. Users are able to modify registry keys,
enabling code to execute during certain system events, or reset system
permissions, opening up system data.
vulnerability has not been used in the recent attacks, but Microsoft and the
NIPC, are reminding administrators of its peril. A Web server request parsing
vulnerability can enable malicious users to run system commands on a web
server, creating all kinds of havoc.
these vulnerabilities have had patches for months or years, but not all
administrators have taken the time to apply the patches. The SANS Institute says it will make a tool
freely available that will enable administrators to detect which systems need
security patches. The automated tool scans servers in an environment, checking
was founded in 1998 by then-President Clinton to protect and monitor U.S.
bulletin is available at http://www.microsoft.com/technet/security/nipc.asp.
- Christopher McConnell
Scott Bekker is editor in chief of Redmond Channel Partner magazine.