[ISN] Zotob worm hole also affects Windows XP

InfoSec News isn at c4i.org
Wed Aug 24 05:45:07 EDT 2005


By Joris Evers 
Staff Writer, CNET News.com
August 23, 2005

The plug-and-play vulnerability that caused havoc for Windows 2000
users last week also holds a serious risk for some Windows XP users,
Microsoft said Tuesday.

Computers running Windows XP with Service Pack 1 in a specific
configuration are vulnerable to worm attacks similar to the ones that
hit Windows 2000 systems, Microsoft said in a security advisory
published Tuesday.

The Zotob worm and its offshoots, plus several other worms, downed
Windows 2000 computers, including systems at ABC, CNN and The New York
Times. All the worms exploited a security hole in the plug-and-play
feature in Windows, for which Microsoft provided a fix earlier this
month and rated as "critical" for Windows 2000.

It was previously thought that only Windows 2000 machines were
vulnerable to remote attack using the plug-and-play flaw. However,
Microsoft in its security advisory on Tuesday specified one scenario
that also exposes select Windows XP users.

Also vulnerable are systems that run Windows XP with SP1 with file and
printer sharing and the Windows guest user account enabled, according
to Microsoft. This would likely be home users, because PCs are not
vulnerable if connected to a network domain, which is common in
business environments, Microsoft said.
Previous Next "This is a minor and narrow attack scenario," said Debby
Fry Wilson, a director at Microsoft's Security Response Center.  
"However, because Windows 2000 customers were attacked last week, we
wanted to take the extra precaution of offering customers this
clarifying information."

The probability that there are many vulnerable systems out there "is
very remote," Fry Wilson said. Most consumers have upgraded their
Windows XP machines to Service Pack 2, she said. In businesses, where
Windows XP SP1 is more common, computers are not vulnerable because
they are typically connected to a domain, she said.

Microsoft was made aware of the Windows XP attack possibility by
security vendor Symantec, Fry Wilson said. Microsoft urges users to
apply the security patches it provided earlier this month. Also,
Microsoft is not aware of any attack exploiting the plug-and-play flaw
that targets Windows XP.

More information about the ISN mailing list