Chinese Group Releases Code Exploiting Flaw in Microsoft Software
A group in China released a program Friday that lets hackers exploit a flaw in Microsoft software and take over a victim's computer over the Internet.
The program, released nine days after Microsoft Corp. announced the flaw, has turned an embarrassment for the company and inconvenience for customers into a near-emergency.
The program, posted on the group's Web site, takes advantage of a vulnerability in nearly all versions of Microsoft's Windows operating system, including Windows Server 2003, touted as Microsoft's safest ever.
The Redmond software giant has urged corporate and home users to download a free software fix, but many consumers -- particularly companies with hundreds or thousands of computers at risk -- probably haven't yet done so, said Marc Maiffret, co-founder of eEye Digital Security Inc. of Aliso Viejo, Calif.
"Three times a year, there are (flaws) this bad," Mr. Maiffret said. "This is one of those times."
The flaw, discovered by western Poland researchers called the "Last Stage of Delirium Research Group," affects Windows technology used to share data files across computer networks. It can allow attackers to seize control of a victim's computer, letting them steal data, delete files and access e-mails.
The flaw is an embarrassment to a company that has dedicated millions of dollars to its highly trumpeted Trustworthy Computing initiative, in which Microsoft has been emphasizing security in writing code.
The Chinese group, Xfocus, didn't contact Microsoft before posting the sample code, said Jeff Jones, Microsoft's senior director of Trustworthy Computing security.
"We continue to believe that publication of exploit code in cases like this is not good for customers," Mr. Jones said.
Xfocus, described on its Web site as a nonprofit and free technology organization founded in 1998, didn't immediately return an e-mail request for comment sent Friday by The Associated Press.
Russ Cooper, of Herndon, Va.-based TruSecure Corp., questioned why the group chose to post the code. "I don't understand the point behind doing this," he said. "This isn't healthy for the 'Net at all."
So far, Microsoft hasn't heard of any instances of the code being used. Microsoft said companies with strong firewalls commonly block the type of data connections that outside hackers would need for such attacks.
But Mr. Cooper said there are other ways to breach firewalls. He said attackers could gain access by targeting legitimate users who connect into the computer network from an unsecured remote location.
He added that the code can be used to attack one site at a time, but that he expects someone will soon "make the leap to turn this code to a worm" that could attack Internet sites randomly, en masse.
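Chinese Web Site Releases Windows Exploit Program
A group in China released a program last Friday that lets hackers exploit a flaw in Microsoft (MSFT) software and take control of a victim's computer over the Internet.
The program was released just nine days after Microsoft announced the flaw, rapidly escalating the embarrassment facing Microsoft and the trouble facing its customers into something close to a crisis.
The Chinese group that designed the program is called Xfocus. The program, now posted on the group's Web site, exploits a vulnerability in nearly all versions of Microsoft's Windows operating system, including Windows Server 2003, which has been promoted as the most secure.
Marc Maiffret of eEye Digital Security Inc. said Microsoft has urged corporate and individual users to download a free software fix, but many users may not yet have done so, most of them corporate users with large numbers of computers. Jeff Jones, Microsoft's director in charge of computer security, said Xfocus did not contact Microsoft before publishing the destructive program, and that Microsoft believes publishing such programs is extremely harmful to computer users.
According to information Xfocus has published on its Web site, the group was founded in 1998 and is a nonprofit technology organization.
Microsoft said it has so far found no cases of anyone using the Xfocus program.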