News

Windows XP SP1 Vulnerable to Attacks Based on MS05-039 Flaw

Microsoft posted a security advisory to warn customers using "Simple File and Print Sharing" on systems running Windows XP Service Pack 1 that they are at increased risk for the flaw patched two weeks ago in bulletin MS05-039.

That flaw provided the foundation for the rapidly developed Zobot worm that took down servers at major media outlets and several other high-profile companies running Windows 2000.

"We are now aware of a very narrow and limited case on Windows XP SP1 whereby an unauthenticated attack might be possible. It's pretty specific (and … if you are on Windows XP SP2 or have applied MS05-039, you are not impacted by this)," Debby Fry Wilson wrote on the Microsoft Security Response Center blog Wednesday.

Wilson noted that there is no known attack that is seeking to exploit the scenario, and Microsoft provided a long list of mitigating factors for the flaw. Aside from having no effect if Windows XP SP2 or MS05-039 is installed, the flaw depends on Simple File Sharing, which is not enabled by default and isn't available on systems that are joined to a domain rather than a peer-to-peer workgroup. The flaw also could not be exploited on systems running a firewall, Wilson wrote.

Previously, Microsoft had stated that no unauthenticated attacks could travel across a network in Windows XP or Windows Server 2003. The company since realized that the way Simple File and Print Sharing automatically enables a Guest account and grants it permission to access files across the network can be exploited remotely by an unauthenticated user.

Click here to view Microsoft's security advisory.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

  • How To Improve Windows 10's Sound and Video Quality

    Windows 10 comes with built-in tools that can help users get the most out of their sound and video hardware.

  • Microsoft Offers More 'Solorigate' Advice Using Microsoft 365 Defender Tools

    Microsoft issued yet another article with advice on how to use its Microsoft 365 Defender suite of tools to protect against "Solorigate" advanced persistent threat types of attacks in a Thursday announcement.

comments powered by Disqus