At the end of the past Wednesday, Microsoft warned users about a verified piece of malicious code that could remotely exploit a security vulnerability in systems running Windows 2000, which is spreading across the internet.
According to Microsoft, not only systems running Windows 2000 are affected by this new security vulnerability, but some systems running Windows XP SP1 are also at risk. Currently, no patches have been released.
In its latest security bulletin, Microsoft provided only a few details about this new vulnerability. The developer noted that the flaw arises in the RPC (Remote Procedure Call) component of the Windows operating system. Hackers can fully exploit this vulnerability to launch denial-of-service attacks that disrupt users’ computer systems.
“On a system running Windows XP Service Pack 1, an attacker would need a valid login account to exploit this security vulnerability,” Microsoft stated in the security bulletin. However, for systems running Windows 2000, hackers do not require such access and can remotely control the attack. Older operating systems like Windows 2000 have increasingly become targets for hackers, particularly due to serious security vulnerabilities, including the recent surge of Zotob.
Windows XP SP2, Windows Server 2003, and Windows Server 2003 SP1 are not affected by this security vulnerability.
Nevertheless, according to Microsoft’s records, there have been no attacks aimed at exploiting this vulnerability to date, but the issue is still under investigation for further clarification. It is possible that a security patch will be released soon.
Microsoft has also issued some general recommendations to mitigate the risk of users being exploited through this vulnerability. “A firewall is the best defense. Users should use the default settings of the firewall, which are sufficient to protect against attacks.”
