News
Microsoft, NIPC Remind Users to Apply Service Packs
- By Scott Bekker
- 03/09/2001
A string of
intrusions by Eastern European hackers are giving the
National Infrastructure Protection Council (NIPC)
and
Microsoft Corp. ample opportunity
to patch their Windows systems. The series of attacks have resulted in the
theft of over a million credit card numbers and affected more than 40
e-commerce sites.
The hackers
took advantage of vulnerabilities in the Windows NT operating system and
applications. All of the vulnerabilities had been patched by Microsoft, but
administrators had failed to apply the patches.
Both
Microsoft and the NIPC have issued warnings regarding the intrusions and about
the vulnerabilities. The NIPC is investigating the break-ins.
Most of the
vulnerabilities are related to web services and SQL server. In some cases, the
vulnerabilities offer intruders broad access to system data and functionality.
One
vulnerability allows unauthorized access to IIS through Open Database
Connectivity (ODBC) through Microsoft’s Remote Data Service feature. Once a
system is infiltrated, intruders can execute shell commands on the IIS server,
giving them access to unpublished resident data.
Another
vulnerability affects SQL Server 7.0 and Microsoft Data Engine. Using malicious
queries, users can take unauthorized actions on the server, perhaps giving them
access to sensitive data.
A third
method of stealing information involves resetting registry permissions on NT
4.0 Server and NT 4.0 Workstation. Users are able to modify registry keys,
enabling code to execute during certain system events, or reset system
permissions, opening up system data.
A final
vulnerability has not been used in the recent attacks, but Microsoft and the
NIPC, are reminding administrators of its peril. A Web server request parsing
vulnerability can enable malicious users to run system commands on a web
server, creating all kinds of havoc.
All of
these vulnerabilities have had patches for months or years, but not all
administrators have taken the time to apply the patches. The SANS Institute says it will make a tool
freely available that will enable administrators to detect which systems need
security patches. The automated tool scans servers in an environment, checking
for patches.
The NIPC
was founded in 1998 by then-President Clinton to protect and monitor U.S.
computer systems.
The Microsoft
bulletin is available at http://www.microsoft.com/technet/security/nipc.asp.
- Christopher McConnell
About the Author
Scott Bekker is editor in chief of Redmond Channel Partner magazine.