Symantec Reports Spate of Attacks Via Recent Windows Flaw
Surprised Giraffe writes "Symantec is warning of a sharp jump in online attacks that appear to be targeting a recently patched bug in Microsoft's Windows operating system, an analysis that some other security companies disputed. Symantec raised its Threat Con security alert level from one to two because of the attacks, with two denoting 'increased alertness.' The attacks spotted by Symantec target a flaw in the Windows Server Service that Microsoft says could be exploited to create a self-copying worm attack."
What's the maximum? Maybe eleven, or perhaps over 9000?
You mean the nasty little Vista Kernel exploit that requires that you be an administrator to exploit?
If I'm already an administrator, there are a lot more ways to gain root access than exploiting a kernel hole. Especially since I'm already running as root.
If an exploit requires that you run as root to exploit it, it's a reliability bug, not a security bug.
Yes, it's bad that someone running as root can crash a box. But there are LOTS of ways that someone running as root can cause a machine to crash.
Does any commercial add-on security software for Windows allow state-based checks yet?
Windows server services are fine inside your LAN, if you have a Linux, BSD or commercial Unix-based gateway. Otherwise, any online transaction is like running through a pickpocket convention with your money hanging out of your pockets.
"I can't imagine how things could get any worse!" (some guy) "That could just be failure of imagination on your p
Port 445 has already been used by so many other attacks, including the Sasser and Nimda worms, that even if a new worm were to be created, it would probably not change things. The people that have 445 exposed, and therefore would be vulnerable to attack by last week's exploit, will likely already have been compromised by anything that's been going around for the last three years. People are desperate for something to happen in the security space because it has been so long (since a major attack).
RTFA. It provides more useful information than Symantec's alert page. If you just want Symantec's ThreatCon alerts, then install their anti-virus or use their "DeepSight Threat Management System."
The article's not just "some random .au page" (as if a random .com domain would be any better); the article reports on not just Symantec's announcements, but also McAfee's and Microsoft's responses that contradict Symantec's assessment. It also gives a link to a REN-ISAC report that supports Symantec's claims. It's good to have a little context when reading security alerts from AV software vendors.