Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search


Symantec Security Response to MS Advisory

Symantec Security Response to Microsoft Security Advisory

Last week, the Zobot and Esbot threats exploited a Microsoft Windows Plug and Play (PnP) Service vulnerability to create a backdoor on the computer system and allow remote attackers to have unauthorised access to the compromised computer.

During detailed analysis of the worms and the vulnerability, Symantec Security Response experts discovered that slight modifications to the exploit could impact some Windows XP and Windows XP SP1 systems with the possible result of unauthorized remote code execution. Windows XP SP2, however, is not susceptible to this exploitation method.

More Details on Windows PnP Service Vulnerability

The impacted configurations of Windows XP and Windows XP SP1 are not default configurations.

Attack scenarios are possible when the “guest” account is both enabled and removed from the “Deny access to this computer from the network” entry in the “User Rights Assignment” Security Policy. This can happen when Simple File and Print Sharing has been enabled, for example by sharing a folder or a printer with the local network.

It is important to note that Simple File and Print Sharing is only available on Windows XP machines that are not part of a Windows Active Directory Domain. However, configuring a Windows XP SP1 host to share network resources prior to joining an Active Directory Domain will leave it in the vulnerable state even after the Domain is joined.

After discovery and validation in the lab environment, Symantec worked with Microsoft to confirm the results. Today, Microsoft issued new information regarding the patch for the vulnerability first described in Microsoft Security Bulletin MS05-039, issued on August 9, 2005.
Additional information can be found at:

“Following responsible disclosure practices, Symantec notified Microsoft, validated the findings and quickly informed the public to protect against possible future threats,” said Oliver Friedrichs, senior manager, Symantec Security Response. “Symantec continues to urge users to update their systems when new patches are available to protect against possible exploits.”


As part of a defence in depth security solution, Symantec encourages the use of client security solutions which offer additional protection against possible exploitations of this vulnerability.

Enterprises should deploy a client security solution that includes intrusion prevention such as Symantec Client Security.

Consumers should install an Internet security solution such as Norton Internet Security 2005 AntiSpyware Edition to protect against today's known and tomorrow's unknown threats.

Both solutions have a signature that detects this vulnerability and blocks exploitation.

Symantec’s security experts will closely monitor its global intelligence network to scout for any unusual activities.


© Scoop Media

Business Headlines | Sci-Tech Headlines


Media Mega Merger: StuffMe Hearing Argues Over Moveable Feast

New Zealand's two largest news publishers are appealing against the Commerce Commission's rejection of the proposal to merge their operations. More>>


Approval: Northern Corridor Decision Released

The approval gives the green light to construction of the last link of Auckland’s Western Ring Route, providing an alternative route from South Auckland to the North Shore. More>>


Crown Accounts: $4.1 Billion Surplus

The New Zealand Government has achieved its third fiscal surplus in a row with the Crown accounts for the year ended 30 June 2017 showing an OBEGAL surplus of $4.1 billion, $2.2 billion stronger than last year, Finance Minister Steven Joyce says. More>>


Mycoplasma Bovis: One New Property Tests Positive

The newly identified property... was already under a Restricted Place notice under the Biosecurity Act. More>>

Accounting Scandal: Suspension Of Fuji Xerox From All-Of-Government Contract

General Manager of New Zealand Government Procurement John Ivil says, “FXNZ has been formally suspended from the Print Technology and Associated Services (PTAS) contract and terminated from the Office Supplies contract.” More>>