RealNews

Army dodged bullet on Win 2000 vulnerability; experts wait for wider attacks

The Army says it was not the target of last week’s zero-day exploit of a Windows 2000 weakness, as has been reported. “To the best of our knowledge, an Army system was not attacked,” said Col. Ted Dmuchowski, director of Information Assurance of the Army’s Network Technology Enterprise Command. “According to our records, the military sites that were attacked did not belong to the Army.” Dmuchowski’s statement did not identify the target, but said the Army has responded to the threat revealed by the March 10 attack. “We are aware of the vulnerability and we have taken measures to push the appropriate patch down to all Army networks,” he said. Microsoft Corp. has released a patch for the vulnerability in its Windows 2000 operating systems, which is exploited through version 5 of the company’s Internet Information Services. But some security experts say a broader attack could be in the offing. The original exploit, which enters through the IIS Web-based Distributed Authoring and Versioning function, was a standalone executable aimed at a single server, said Russ Cooper, surgeon general of TruSecure Corp. of Herndon, Va. TruSecure originally reported the incident. Full Story

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.