Windows XP SP1 Vulnerable to Attacks Based on MS05-039 Flaw
- By Scott Bekker
- August 24, 2005
Microsoft posted a security advisory to warn customers using "Simple File and Print Sharing" on systems running Windows XP Service Pack 1 that they are at increased risk for the flaw patched two weeks ago in bulletin MS05-039.
That flaw provided the foundation for the rapidly developed Zobot worm that took down servers at major media outlets and several other high-profile companies running Windows 2000.
"We are now aware of a very narrow and limited case on Windows XP SP1 whereby an unauthenticated attack might be possible. It's pretty specific (and … if you are on Windows XP SP2 or have applied MS05-039, you are not impacted by this)," Debby Fry Wilson wrote on the Microsoft Security Response Center blog Wednesday.
Wilson noted that there is no known attack that is seeking to exploit the scenario, and Microsoft provided a long list of mitigating factors for the flaw. Aside from having no effect if Windows XP SP2 or MS05-039 is installed, the flaw depends on Simple File Sharing, which is not enabled by default and isn't available on systems that are joined to a domain rather than a peer-to-peer workgroup. The flaw also could not be exploited on systems running a firewall, Wilson wrote.
Previously, Microsoft had stated that no unauthenticated attacks could travel across a network in Windows XP or Windows Server 2003. The company since realized that the way Simple File and Print Sharing automatically enables a Guest account and grants it permission to access files across the network can be exploited remotely by an unauthenticated user.
Click here to view Microsoft's security advisory.
Scott Bekker is editor in chief of Redmond Channel Partner magazine.