Microsoft, NIPC Remind Users to Apply Service Packs -- Microsoft Certified Professional Magazine Online

Microsoft, NIPC Remind Users to Apply Service Packs

By Scott Bekker
03/09/2001

A string of intrusions by Eastern European hackers are giving the National Infrastructure Protection Council (NIPC) and Microsoft Corp. ample opportunity to patch their Windows systems. The series of attacks have resulted in the theft of over a million credit card numbers and affected more than 40 e-commerce sites.

The hackers took advantage of vulnerabilities in the Windows NT operating system and applications. All of the vulnerabilities had been patched by Microsoft, but administrators had failed to apply the patches.

Both Microsoft and the NIPC have issued warnings regarding the intrusions and about the vulnerabilities. The NIPC is investigating the break-ins.

Most of the vulnerabilities are related to web services and SQL server. In some cases, the vulnerabilities offer intruders broad access to system data and functionality.

One vulnerability allows unauthorized access to IIS through Open Database Connectivity (ODBC) through Microsoft’s Remote Data Service feature. Once a system is infiltrated, intruders can execute shell commands on the IIS server, giving them access to unpublished resident data.

Another vulnerability affects SQL Server 7.0 and Microsoft Data Engine. Using malicious queries, users can take unauthorized actions on the server, perhaps giving them access to sensitive data.

A third method of stealing information involves resetting registry permissions on NT 4.0 Server and NT 4.0 Workstation. Users are able to modify registry keys, enabling code to execute during certain system events, or reset system permissions, opening up system data.

A final vulnerability has not been used in the recent attacks, but Microsoft and the NIPC, are reminding administrators of its peril. A Web server request parsing vulnerability can enable malicious users to run system commands on a web server, creating all kinds of havoc.

All of these vulnerabilities have had patches for months or years, but not all administrators have taken the time to apply the patches. The SANS Institute says it will make a tool freely available that will enable administrators to detect which systems need security patches. The automated tool scans servers in an environment, checking for patches.

The NIPC was founded in 1998 by then-President Clinton to protect and monitor U.S. computer systems.

The Microsoft bulletin is available at http://www.microsoft.com/technet/security/nipc.asp. - Christopher McConnell

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Register! Top 5 Hybrid AD Management Mistakes and How to Avoid Them