Microsoft, under attack, releases Blaster security advice

With a new version of the W32.Blaster worm on the loose and set to spawn a massive denial-of-service attack on a Microsoft Web site Saturday, the software maker Friday released a set of security guidelines for users in an effort to minimize the damage.

Ironically, the call for preventative measures came while the software maker was investigating another denial-of-service attack on its site that occurred late Thursday. A spokeswoman for Microsoft Friday said that the current attack was not due to Blaster, however, and that they were still investigating the cause.

Meanwhile, the possibility of an attack from Blaster still looms.

The current variation of the W32.Blaster worm could affect computers running the Windows 2000, Windows XP, Windows NT and Windows Server 2003 software, Microsoft said.

The worm takes advantage of a known vulnerability in a Windows component called the DCOM , or Distributed Component Object Model.

The worm causes PCs to repeatedly crash and could potentially use infected machines to launch the denial-of-service attack on the Windowsupdate.com site.

Microsoft advised users of the vulnerable software to update their computers with the latest patches and turn on “Autoupdate” to simplify the process for installing future updates. Users are instructed to install and use antivirus software and to use a firewall.

“Many resources have been deployed to help ensure that customers have the guidelines and tools they need to enhance their computer security,” Microsoft’s Senior Director of Trustworthy Computing Jeff Jones said in a statement released Friday.

Also on Thursday, Microsoft released a tool that customers can use to scan computer networks for machines that are vulnerable to attack by the Blaster worm.

The tool works on a variety of Windows operating systems and enables Windows customers to confirm that a necessary software patch has been applied, according to Jeff Sharpe, a Microsoft spokesman.

That patch, MS03-026, was released in July and prevents infection from Blaster.

The company provided a link to the free tool on a special Web page set up to respond to the Blaster worm outbreak, which has affected hundreds of thousands of Windows machines worldwide.

However, David Litchfield a security expert and cofounder of Next Generation Security Software Ltd. in Surrey, U.K., said he was surprised Microsoft did not advise users to simply disable DCOM.

“DCOM is not needed by 99.9 percent of home users,” Litchfield said, “but it is enabled by default.” According to Litchfield, DCOM allows users to access to a program from another computer.

The new Blaster worm first appeared on the Internet Monday and quickly started to spread. According to antivirus firm Network Associates, the worm had infected between 250,000 and 1 million computers as of Thursday.

Now Microsoft fears that the infected computers will launch a denial-of-service attack against its Windows update site, causing the site to run slowly or be inaccessible to customers.

As of 10 a.m. GMT Friday, IDG News Service staff in Europe were still having trouble accessing the Windows update site due to Thursday’s denial-of-service attack.

The software maker said Friday that it is taking aggressive steps to keep the site up, but if it becomes inaccessible users will be able to access and download the Blaster patches. More detailed instructions on how to take the preventative measures are also detailed at that address.