Microsoft Warns of Dial-Up Bug

If you haven't updated Windows recently, your PC could be vulnerable.

Microsoft is warning users about malicious software that could be used to attack Windows systems not protected by the company's latest security updates.

The exploit code targets a vulnerability in the Remote Access Connection Manager (RASMAN) service, which Windows uses to create network connections over the telephone. Microsoft rates the bug, which was patched on June 13, as critical, the most severe rating available.

Hackers published the code on Web sites late last week, and it is now included in Metasploit, a hacking toolkit that both security researchers and criminals use.

The malicious software is less dangerous than it might have been. Most firewalls will block it, and it requires that the hacker be authenticated on the computer before it will work.


Older Windows Versions More Susceptible
Windows 2000 and Windows XP Service Pack 1 users need to be especially wary, however, because they could be victimized by particularly nasty attacks that do not require authentication, Microsoft said.

"The current exploit code...requires authentication, but the underlying vulnerability does not," said Stephen Toulouse, a security program manager with Microsoft's security response center.

For any attack to work on the latest versions of other Windows systems, such as XP or Windows Server 2003, the attacker would have to be able to log on to the victim's machine, Microsoft said.

Hackers are likely to use the malicious software in criminal attacks now that it is in Metasploit, said Ken Williams, director of vulnerability research with CA Inc.


Dial-up Patch Problems
Complicating matters is the fact that some dial-up users have been having problems with the patch.

Computers that use Window's dial-up scripting or terminal windows to make connections may find that their dial-up connections no longer work, according to Microsoft's alert.

Users who cannot install the patch immediately should disable the RASMAN service, Microsoft said.

Over the past two weeks, Microsoft has been contending with a number of unpatched vulnerabilities in its Office and Excel software as well. Microsoft hasn't yet patched the bugs, but it said late last week that one of them should be patched in the company's next round of security updates, due July 11.

Here is the text of Microsoft's advisory on the malicious code.



Related Links:

• Go back to category System & Utilities to read more reviews and articles.
• Go back to Software Magazine's main page.