How serious is Microsoft's newest security bug?

By Patrick Gray
15 October 2003 12:10 PM
The security research community is divided over how serious the latest bug in Microsoft's Windows operating system is.

The latest glitch is in Windows' DCOM code -- the same component of Windows targeted by the Blaster and Nachi worms in August -- but researchers are at this stage reluctant to call the flaw a full-blown exploitable vulnerability.

One Russian security researcher, known as Zaraza, posted a warning to the SecurityFocus Bugtraq mailing list on Saturday. "Windows XP SP1 with all security fixes installed [is] still vulnerable to [a] variant of the same bug.... For a while only [the] DoS exploit [has existed], but code execution is probably possible," his post read.

A day later U.S.-based security company VigilantMinds released its own advisory. "VigilantMinds has validated that hosts running fully patched versions of the following Microsoft operating systems remain subject to denial of service attacks and possible remote exploitation," it read.

It was a vulnerability in Microsoft's DCOM code that was used as the basis for the creation of the devastating Blaster worm. Unlike an e-mail-based worm, Blaster was a network-based worm that spread by automatically exploiting vulnerabilities on vulnerable systems. It is estimated that Blaster infected between 300,000 and well over one million systems.

However, U.S.-based Internet Security Systems has today claimed that prior analysis has been incorrect -- the issue is a newly discovered DCOM bug, not a variation on the previous one. "This vulnerability has been reported by various sources as a new exploit vector against the vulnerability disclosed in [Microsoft security bulletin] MS03-039. This assessment is incorrect," a statement issued by the company read.

According to the company's research team, which calls itself X-Force, it is unlikely the bug can be exploited by attackers to gain access to a vulnerable system. "X-Force has not demonstrated that this vulnerability can be used to execute arbitrary code or to compromise a vulnerable system. Significant barriers exist which may prevent reliable exploitation outside of controlled lab conditions," the statement read.

SecurityFocus has published workaround information that can be used to mitigate the bug until more information comes to hand.
