Symantec on Tuesday uncovered a new avenue that hackers could use to exploit a buffer overflow vulnerability in Microsoft Windows Messenger Service, one that, if packaged within a self-propagating worm, could spread across a network like wildfire.
According to analysis done by Symantec's DeepSight Threat Analyst Team, the Windows Messenger Service vulnerability can be exploited by a single UDP broadcast, allowing a wholesale compromise of all vulnerable systems on the targeted network.
"This newfound exploitation path dramatically increases the speed at which a worm could propagate within a local network, making widespread infection theoretically almost instantaneous," the threat team wrote.
Alfred Huger, the senior director of engineering at Symantec's security response team, put it into perspective.
"SQLSlammer moved fast," he said, talking about the quick-spreading worm of January, 2003 that infected thousands of machines globally in a matter of hours. "But we actually think that if this exploit is packaged into a worm, it could spread faster, quite a bit faster, than Slammer. Slammer had to infect each machine individually, but all it takes is one packet [of malicious code] to infect an entire network using this exploit. It's like the difference between talking one-on-one, and screaming out to a room full of people.
