Security Watch

Study: Enterprises Fail To Mitigate Risks

Alert Mr. Obvious! The Internet exposes enterprise computing to major threats. Plus: What Microsoft plans to do about server, Web threats.

• By Jabulani Leffall
• 09/15/2009

The Internet is increasingly the epicenter ever-growing front for defense against hackers, nasty bugs and malware.

A study released early Tuesday from security firms Qualys, TippingPoint and the Internet Storm Center at the SANS Institute points to the Web as the common denominator for two of the most pervasive risks to enterprise computing. What are the two risks? They would be client side bugs from attachments sent over e-mail and vulnerable Web Sites, that can include trusted Internet destinations with malicious code or dubious phishing and bait-and-switch Web pages that exists as literal Webs to entangle unsuspecting users.

The report got its data from the appliances, workstations and server hardware of responding businesses in the period covering March to August 2009 to provide, in the words of the three organizations, "a reliable portrait of the attacks being launched and the vulnerabilities they exploit."

Microsoft's Server, Web Component Threats
Still not convinced about the Internet security focal point? Microsoft is. Over the last two weeks the company issued two security advisories, both dealing with server tools. These off-cycle advisories come at a time when Microsoft programs are besieged by Web-component related issues.
 
Like all five of last Tuesday's patches, as well as other yet-to-be fixed bugs in the company's File Transfer Protocol and Server Message Block file sharing protocol, several of the most current and pressing bugs involve Web components.

Web components are a bit more complicated than application-level bugs in that they can involve everything from smash and grab firewall breaches to a random e-mail with a malicious .PDF that allows the hacker to take over a company server with remote code execution or trigger a denial of service bug in an if-I-can't-have-it-no-one-can incursion.

The FTP issue affects Microsoft's Internet Information Services. IIS is among the world's most frequently used Web server applications, second only to the Apache HTTP server. And the SMB issue deals with how Internet traffic is conducted, parsed and ultimately harnessed for transmission via Internet Explorer on workstations.

If that isn't enough critics are up in arms about an issue with Windows' implementation of the Transmission Control Protocol/Internet Protocol (TCP/IP), which is the Web's default suite of connection protocols. Apparently, all three bugs are supposed to be mitigated by this patch for Vista and Windows Server 2008 systems, but not XP, an older operating system that's still more widely used than both of the newer OSes.

According to transcripts from an informational Webcast that followed the patch release, an update for Windows XP will not be made available for these bugs:

"By default, Windows XP Service doesn't have a listening service configured in the client firewall and are therefore not affected by this vulnerability," explained Microsoft moderators Adrian Stone and Jerry Bryant, who added that a strong firewall could do the trick for XP users.

Not for nothing, but it seems that if strong firewalls could do the trick, there would be no need for this blog post nor the threats detailed herein. If you're using an Internet connection in an enterprise environment -- and you are if you're reading this online -- stay tuned.