12 Sep 2000
Microsoft has released two separate security updates for Windows 2000 which, while of low to moderate importance, are further examples of the operating system's security weaknesses.
The patches prevent a possible denial of service (DoS) attack and address a low-risk weakness that allows users to upgrade their security privileges to administrator status.
Experts said that although the risk is low to moderate, the problems are resulting in network downtime while administrators install patches and reboot systems.
The DoS problem is the more serious of the two. It can occur when a malicious client sends a particular malformed remote procedure call (RPC) packet over a network to the server used as the primary domain device. Although it doesn't physically crash the computer used as the server, it prevents users logging on, and disables links to it.
The Still Image Service (SIS) bug, however, requires an attacker to physically gain entry into the server room and attach an SIS - a digital camera, for example - to the administrator's workstation.
If this kind of access is possible, the user can take advantage of an unchecked buffer in the SIS on the host. The attacker then uses malicious code to raise their privilege level from that of a user to that of the SIS, or local system. This then gives them control of the administrator's workstation.
Mark Read, systems development supervisor at security consultant MIS Corporate Defence, told vnunet.com: "This is an issue, but the scenario necessary means it is not of major concern. However, with the DoS vulnerability, administrators need either to install the patch, or be able to trust their internal users 100 per cent."
"They don't need the patch to prevent attacks originating over the internet as long as they have a firewall in place that blocks access to the RPC ports, which are 135-139 and 445. If they don't have a firewall, they should download the patch," he said.
"There have been a lot of patches released for Windows 2000. It doesn't seem to be a very secure system. It makes you wonder how many vulnerabilities remain to be discovered," added Read.
The patches can be downloaded from www.microsoft.com. The DoS fix will also be included in the next Windows 2000 service pack.