Have you heard of Hot Potato? It’s the latest security exploit that Windows-based machines are vulnerable to. Note that this doesn’t target a particular version of Windows, but rather, spans everything from Windows 7, forward to Windows Server 2012. The exploits take advantage of hooks and weaknesses built into the core of the OS itself, which has not changed from one version to the next.
The security firm Foxglove found and reported the exploit, and to date, at least so far as is known, has not been utilized by the hacking community to take over a machine, but it certainly could. What makes Hot Potato different from other exploits is that it isn’t a single exploit, but rather a chained series of them that successively escalates privileges, culminating in a complete takeover of a compromised machine.
The problem is a fairly intractable one. Some of the exploits in the Hot Potato chain were identified back in the year 2000. The reason they have not been patched yet is that doing so would destroy the backwards compatibility of the OS.
Given Microsoft’s commitment to maintain backwards compatibility, the company has not released a plan, nor yet officially responded to the release of this information, and it is unclear how a fix could be implemented at this point. The situation then, is fairly dire, but the existence and discovery of this hack doesn’t necessarily mean that all is lost, though it does raise the threat level significantly.
Ultimately, what it means is that the monitoring of network traffic for suspicious connections and activity become all the more important, because this one does not have an easy software fix. Again, any patch that might be applied would also have the unfortunate side effect of breaking OS backwards compatibility, which would create far more problems than it solves. Make sure your staff is aware of the hack, so they’ll be on the alert and more watchful than ever.