Microsoft warns about hole for malicious code in routing and RAS service
In an advisory, Microsoft is warning users about an exploit that can be used to infect Windows PCs with worms, for instance, via the security holes in the routing and RAS service. Microsoft advises all users to install the updates from the previous patch day, if they have not done so already, to close the hole because the exploit increases the risk of an attack. In particular, users of Windows 2000 are at greater risk because no authentication is required to exploit the hole in that system.
In its advisory, Microsoft says it is "disappointed" by the behaviour of "certain security researchers". By publishing the exploit and details about the holes, Microsoft charges that well-known expert H.D. Moore gave users less time to install the patches. In other words, he violated the "commonly accepted industry practice" of publishing weak points close to update release. For instance, David Litchfield, a database security specialist, waits three months after patches have been made available before publishing details - which, admittedly, makes him an exceptional case in the industry. Microsoft is calling on all security experts to give users more time – and warning that otherwise they would be playing into the hands of criminals who might try to exploit such holes.
H.D. Moore, the developer of Metasploit, has reacted to Microsoft's charges at his blog. He doubts that the common practice that Microsoft describes exists at all. In his reply, he also points out that his exploit is only directed at a hole that Microsoft plans quietly to stop up with updates. He also emphasizes that the security bulletins published do not actually describe the particular hole he discovered at all.
- Proof of Concept Code Published Affecting the Remote Access Connection Manager Service, Microsoft's advisory
- Microsoft is disappointed, H.D. Moore's reply