On 16 September 2003, two providers of Internet security services, Counterpane Internet Security and iDEFENSE, announced the discovery of malicious code that exploits a recently discovered flaw in most versions of Microsoft's Windows operating system. 
The huge Windows vulnerability that Microsoft acknowledged on 10 September 2003 provides attackers with all the tools they need to strike enterprises with another worm like MSBlast. The steps many enterprises took for the recent MSBlast attack — and the fact that the newly discovered "exploit" does not specifically target consumer desktops — will limit the impact of the coming attack. However, unprepared enterprises will get hit just as hard as they were by MSBlast. Enterprises should immediately:
- Use Internet firewalls to block the most vulnerable Windows ports: User Datagram Protocol ports 135, 137, 138 and 445 and TCP ports 135, 139, 445 and 593
- Check that Windows services using these ports are not exposed on extranets or DMZs (demilitarized zones)
- Follow Gartner's long-standing advice to install centrally managed personal firewalls on all laptops, and to audit the configurations of these firewalls to ensure that the vulnerable ports are not accepting connections
Windows has a higher security cost of ownership than other operating systems, and you should budget for the cost of installing personal firewalls, monthly patching and continual vulnerability assessment for all Windows PCs and servers. Include these additional security costs whenever you evaluate the cost of alternative platforms. Also, heavily weight the security track record of software vendors and products when you make procurement decisions. Analytical Source: John Pescatore, Gartner Research Written by Terry Allan Hicks, Gartner News Recommended Reading and Related Research (You may need to sign in or be a Gartner client to access all of this content.)
|
