Scoop has an Ethical Paywall
Licence needed for work use Learn More

Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search

 

Symantec Security Response to MS Advisory

Symantec Security Response to Microsoft Security Advisory

Last week, the Zobot and Esbot threats exploited a Microsoft Windows Plug and Play (PnP) Service vulnerability to create a backdoor on the computer system and allow remote attackers to have unauthorised access to the compromised computer.

During detailed analysis of the worms and the vulnerability, Symantec Security Response experts discovered that slight modifications to the exploit could impact some Windows XP and Windows XP SP1 systems with the possible result of unauthorized remote code execution. Windows XP SP2, however, is not susceptible to this exploitation method.

More Details on Windows PnP Service Vulnerability

The impacted configurations of Windows XP and Windows XP SP1 are not default configurations.

Attack scenarios are possible when the “guest” account is both enabled and removed from the “Deny access to this computer from the network” entry in the “User Rights Assignment” Security Policy. This can happen when Simple File and Print Sharing has been enabled, for example by sharing a folder or a printer with the local network.

It is important to note that Simple File and Print Sharing is only available on Windows XP machines that are not part of a Windows Active Directory Domain. However, configuring a Windows XP SP1 host to share network resources prior to joining an Active Directory Domain will leave it in the vulnerable state even after the Domain is joined.

After discovery and validation in the lab environment, Symantec worked with Microsoft to confirm the results. Today, Microsoft issued new information regarding the patch for the vulnerability first described in Microsoft Security Bulletin MS05-039, http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx issued on August 9, 2005.
Additional information can be found at: http://www.microsoft.com/technet/security/advisory/906574.mspx

Advertisement - scroll to continue reading

“Following responsible disclosure practices, Symantec notified Microsoft, validated the findings and quickly informed the public to protect against possible future threats,” said Oliver Friedrichs, senior manager, Symantec Security Response. “Symantec continues to urge users to update their systems when new patches are available to protect against possible exploits.”

Recommendations

As part of a defence in depth security solution, Symantec encourages the use of client security solutions which offer additional protection against possible exploitations of this vulnerability.

Enterprises should deploy a client security solution that includes intrusion prevention such as Symantec Client Security.

Consumers should install an Internet security solution such as Norton Internet Security 2005 AntiSpyware Edition to protect against today's known and tomorrow's unknown threats.

Both solutions have a signature that detects this vulnerability and blocks exploitation.

Symantec’s security experts will closely monitor its global intelligence network to scout for any unusual activities.


ENDS

© Scoop Media

Advertisement - scroll to continue reading
 
 
 
Business Headlines | Sci-Tech Headlines

 
 
 
 
 
 
 
 
 
 
 
 
 

Join Our Free Newsletter

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.