Emergency Windows patch too late for some
Security experts say they’ve already figured out ways to exploit the bug for which Microsoft issued an emergency patch last week. One Trojan horse is already spreading faster thanks to the loophole, though it was already in existence before the patch was announced.
The virus is most commonly named ‘Gimmiv.A’, though it is also known as ‘Spy-Agent.Da’. It’s a fairly typical Trojan horse in that it looks for passwords and other data and then sends them to a remote computer.
However, it appears the creators recently modified it to search through computers on a local network to look for machines which haven’t had last week’s patch applied. It then exploits the bug, which is in the Windows system used to allow one computer to run activity on another machine (for example, with networked printers).
The Windows bug (which mainly affects Windows 2000 and XP) magnifies the potential danger of the virus. Normally Gimmiv.A is fairly inefficient as each copy of the virus will only work for a specific language and edition of Windows. Because the bug allows it to spread across networks more easily, there’s a greater chance that the virus will stumble upon a copy of Windows on which it can perform its evil.
Several security professionals say they have produced proof-of-concept attacks based on information they found in the patch itself. In this context, a proof-of-concept attack involves doing just enough to show how an exploit would work, without actually doing any damage. There is also at least one hacker who has posted a proof-of-concept with the intention that people are able to use the information for malicious purposes.
The developments show the dilemma a major firm such as Microsoft faces in patching security gaps. It recently began working with security firms to give them advance notice of impending updates, the idea being to reduce the problem of hackers looking at the fix, figuring out the original problem, and exploiting it before everyone had applied the fix.
In this case, it appears hackers already knew about the problem without seeing the fix, which is why Microsoft had to issue an emergency patch. The problem with cases like that is finding a balance between the risks of hacking increasing if you leave the fix until the next scheduled update, and the risk of issuing so many emergency patches that you ruin your software’s reputation or even create a ‘boy who cried wolf’ effect where people stop taking threats seriously.
