Microsoft Battles Debugger Flaw, SQL Worm

Microsoft has issued a patch for a security flaw in the
authentication tool for its debugging facility that could allow an attacker
to take control of a user’s system.

The latest security bulletin comes just days a
software security firm detected the emergence of a new Microsoft SQL worm
that is propagating on the Internet.

Debugger flaw

The newest patch, which was issued for Windows NT and 2000 users, targets a hole
that would let an attacker run code as the operating system itself,
Microsoft said.

“(The attacker) could take any action on the system including deleting data,
adding accounts with administrative access, or reconfiguring the system.
A successful attack requires the ability to logon interactively to the
system, either at the console or through a terminal session,” according to
the bulletin.

Microsoft said the issue most directly affects client systems and terminal
servers.


(For Windows NT 4.0, the patch can be downloaded here. For Windows NT 4.0 Terminal Server Edition, find the patch
here and for Windows 2000, click here).

The Windows debugging tool allows programs to perform diagnostic and
analytic functions on applications as they are running on the operating
system. One of the tool’s capabilities allows for a program, usually a
debugger, to connect to any running program, and to take control of it. The
program can then issue commands to the controlled program, including the
ability to start other programs. These commands would then execute in the
same security context as the controlled program.

MS SQL worm

Separately, Application Security,
Inc.
reported that a new worm that has been found in the wild attacking
all versions of Microsoft SQL Servers on port 1433. The security firm
described the “Spida Worm” as a self-propagating attack program that
discovers SQL Server on the default port 1433 and attempts to connect with a
blank password.

“If successful, it takes control of the machine, collects sensitive
information on the local server, and attempts to propagate to other SQL
Servers,” the company warned in an advisory.

Application Security said it has developed a fix for
the “Spida Worm.”

While news of vulnerabilities and fixes are very common in the software
space, it is fast becoming a public relations nightmare for Microsoft. Just
last week, the company was forced to issue a massive patch to fix six vulnerabilities within IE 5.1, 5.5 and 6.0
browsers.

The patch addressed a buffer overflow hole that could give an attacker
complete control of a user’s machine and another vulnerability that would
let an attacker view files on an IE user’s local drive. The patch was also
needed to offset an HTML header manipulation hole that would allow an
attacker to feed an executable file to a victim while causing it to appear
to be a harmless text file, Microsoft said.

News Around the Web