Microsoft Confirms Zero Day Exploit, Downplays Risk

Dennis Faas's picture

Microsoft says it's unlikely that hackers will successfully exploit a recently discovered security bug in Windows. The company says that if the bug is abused, it would likely result in a denial of service attack instead.

As noted on Wednesday, the problem involves system files related to Windows network file and printer sharing. Hackers are often particularly interested in exploiting such system files as they are a potential entry point between a networked computer and the outside world (via the Internet).

Denial of Service Risk to Windows

In this case, the Windows exploit appears to have two potential risks. The first is that the vulnerability could provide an opportunity for a denial of service attack. This involves overwhelming a computer with incoming messages until it essentially uses all available resources -- similar to repeatedly phoning a company's headquarters until its switchboard is overwhelmed.

The most prevalent form of a denial of service attack involves pinging a website so that it is rendered unavailable to the rest of the public. It is also possible to carry out a denial of service attack on a standard computer: the result in this situation is that Windows would crash and need to be rebooted. (Source: computerworld.com)

The bad news is that the "proof of concept" code that security researchers produced to show the bug's potential dangers did indeed involve such an attack. The good news is that, unlike pranksters in the past, most hackers don't have any interest in bringing down the population's computers just for the sake of it, so there's little incentive to exploit this element of the bug.

Memory Buffer Overflow Exploit a More Serious Concern

The more serious concern has been that the bug could be used for a memory buffer overflow exploit.

This involves sending a chunk of data to the computer's memory that is a different size than what is expected. Normally, that should be dealt with easily; however, with this type of exploit, the data essentially oversteps its boundaries into other protected sections of the memory that are normally used by the operating system, and thus a hacker can gain unrestricted access to parts of the computer.

At its worst, this type of exploit can allow for remote code execution, which in effect means a hacker can directly control a victim's computer.

Attack Considered Logistically Impossible

Fortunately, Microsoft believes that the latter example is unlikely with the recently discovered exploit.

Microsoft says the nature of this bug means it wouldn't be logistically possible to carry out the simplest form of attack on 32-bit computers. With 64-bit computers it would only be possible on machines having an extremely large amount of memory, likely more than 8GB. (Source: technet.com)

There also exists a more complicated way of attacking a Windows machine, but Microsoft believes that would require such specific and precise timing that it would be very difficult to pull off and there'd be no way to know if a particular attempt was likely to work.

As a result, Microsoft says it is likely to rate the bug as level three (the lowest) on its exploitability index scale: that means that even though the potential consequences of the bug could be serious, it's unlikely hackers will develop a working attack method.
