Microsoft, NIPC Remind Users to Apply Service Packs

A string of intrusions by Eastern European hackers is giving the National Infrastructure Protection Council (NIPC) and Microsoft Corp. ample opportunity to remind users to patch their Windows systems. The series of attacks has resulted in the theft of over a million credit card numbers and affected more than 40 e-commerce sites.

The hackers took advantage of vulnerabilities in the Windows NT operating system and applications. All of the vulnerabilities had been patched by Microsoft, but administrators had failed to apply the patches.

Both Microsoft and the NIPC have issued warnings regarding the intrusions and about the vulnerabilities. The NIPC is investigating the break-ins.

Most of the vulnerabilities are related to web services and SQL Server. In some cases, the vulnerabilities offer intruders broad access to system data and functionality.

One vulnerability allows unauthorized access to IIS through Open Database Connectivity (ODBC) by way of Microsoft's Remote Data Service feature. Once a system is infiltrated, intruders can execute shell commands on the IIS server, giving them access to unpublished resident data.

Another vulnerability affects SQL Server 7.0 and Microsoft Data Engine. Using malicious queries, users can take unauthorized actions on the server, perhaps giving them access to sensitive data.

A third method of stealing information involves resetting registry permissions on NT 4.0 Server and NT 4.0 Workstation. Users are able to modify registry keys, enabling code to execute during certain system events, or reset system permissions, opening up system data.

A final vulnerability has not been used in the recent attacks, but Microsoft and the NIPC are reminding administrators of its peril. A Web server request parsing vulnerability can enable malicious users to run system commands on a web server, creating all kinds of havoc.

All of these vulnerabilities have had patches available for months or years, but not all administrators have taken the time to apply them. The SANS Institute says it will make a tool freely available that will enable administrators to detect which systems need security patches. The automated tool scans servers in an environment, checking for patches.

The NIPC was founded in 1998 by then-President Clinton to protect and monitor U.S. computer systems.

The Microsoft bulletin is available at - Christopher McConnell  

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

