We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Security hole stuns Microsoft

Power grids and water supply threatened

Microsoft has released a critical software update to patch a security hole in a common Windows component that could allow malicious hackers to place and run their own code on machines running the Windows operating system.

The security hole, in a Windows component called the ASN.1 library, affects a wide range of Windows features and software, from file sharing between Windows machines, to software applications that use digital certificates, according to Microsoft and eEye Digital Security, which discovered the problem.

ASN, or Abstract Syntax Notation, is an international standard for representing different types of binary data such as numbers or strings of text.

The ASN.1 library allows different software applications running in Windows to identify the types of data they are passing back and forth, allowing each system to properly interpret the data it receives. It has been a standard Windows component since the release of Windows NT Version 4.0, according to Marc Maiffret, chief hacking officer at eEye.

An unchecked buffer in the ASN.1 Library could allow remote attackers to cause a buffer overflow and take control of a vulnerable Windows system, Microsoft confirmed yesterday.

In buffer overflow attacks, hackers use flaws in a software program's underlying code to overwrite areas of the computer's memory, replacing legitimate computer instructions with bad data or other instructions.

The Microsoft security bulletin, MS04-007 [cq] patches the ASN.1 Library on affected Windows systems, ranging from Windows NT Workstation 4.0 Service pack 6a to the latest version of Windows Server 2003. (See: http://www.microsoft.com/security/security_bulletins/20040210_windows.asp.)

The patch fixes vulnerabilities eEye discovered in the ASN.1 Library and informed Microsoft about in July 2003. However, the company warned that Microsoft's implementation of ASN is "fraught with integer overflows." Accordig to Maiffret it is likely that other security flaws will be found in the library.

"Typically, if there's one set of vulnerabilities, there will be more found. Everything we know of was fixed today [Tuesday], but usually where there's one there's many," he said.

That was the case with Microsoft's implementation of the DCOM (Distributed Component Object Model), a protocol that allows software programs to communicate over a network. A security vulnerability in the DCOM interface that handled RPC (remote procedure call) traffic spawned the Blaster worm, as well as other attacks.

The ASN vulnerability could be similarly exploited and used to create a network worm, according to Maiffret. Unlike DCOM, it would be difficult to simply disable ASN should such a worm appear, because it is used by so many different applications.

Even more ominous, ASN is commonly used in critical infrastructure such as power grids and water supply control systems, where it allows hardware that makes up the infrastructure to send data such as power consumption levels to software control systems.

Microsoft advised customers running affected versions of Windows to download and apply the patch immediately.

IDG UK Sites

6 best gaming PCs 2015: What's the best gaming PC you can buy in the UK?

IDG UK Sites

Three of the most expensive Limited Edition games ever made: Who's buying a $1,000,000 game?

IDG UK Sites

The future of Microsoft Surface: What to expect from the Surface Pro 4

IDG UK Sites

Best Mac: Apple Mac buyers guide for 2015: iMac, MacBook, MacBook Air, MacBook Pro, Mac mini and...