Symantec: Windows Messenger Service Vulnerability Bigger Than Reported

While the Slammer worm had to hit individual systems, this exploit allows hackers to send a single packet to attack every system on an entire network. The Messenger Service is a part of the Windows operating system that people can use to send pop-up messages to computers on the same network; it is not Microsoft's Instant Messenger service.

"Our team has found many other methods that people can use to exploit the vulnerability that make it much more severe than what it was originally classified," said Oliver Friedrichs, senior manager with Symantec's security response team. "Every vulnerable system on a network would potentially become attacked or become infected if this were developed and deployed as a worm."

The potential for widespread disruption, and the sphere in which this type of threat could spread, are far more substantial than with the Slammer worm, he said.

This exploit could be used to attack not only database servers, as was the case with Slammer, but also Windows 2000, Windows XP, Windows NT and the new Windows Server 2003 systems.

To exploit the vulnerability, a hacker would connect to a vulnerable system over the network. The Messenger Service runs on specific TCP (transmission control protocol) and UDP (user datagram protocol) ports that can be used to exploit the vulnerability.

The affected TCP ports are 135, 139, 445 and 593. The affected UDP ports include 135, 137, 138 and a range of other UDP ports from 1,025 to 1,035.

Symantec, Cupertino, Calif., recommends four ways to protect against the vulnerability.

There is a patch available for download from Microsoft, which announced the original vulnerability in October.

Companies can also block the affected ports, install the personal firewall software that comes with Windows XP and configure it to block and protect systems from the Internet, or disable the Messenger Service, Friedrichs said.

"For the most part people don't need that service enabled," he said. "It's not like Instant Messenger, which is widely used. The [Messenger Service] is something that's been in Windows NT and above from the beginning, and most people don't really know it's there."