Microsoft Windows Vulnerability Targeted By New Worm

Researchers from Microsoft have warned of a new wave of attacks exploiting a critical vulnerability in Windows Server Service, patched by the company with an emergency update last month.

If you haven’t patched the vulnerability in Windows Server Service yet, which was released last month, this is high time to do so, the software giant advices.

Though Microsoft has already released an out-of-cycle fix in October, outlined in its security bulletin “MS08-067”, a number of attacks exploiting the vulnerability have already been reported, with around 50 exploits notified last week.

While the previous attacks were primarily targeted at some specific systems, the new exploits are expected to be more general in nature, Microsoft added.

The vulnerability that is being targeted is mainly due to inadequate handling of remote protocol (RPC) requests by Windows Server Service, which could allow remote attackers to execute coding on victim’s PC, through a specially crafted RPC.

The latest bug detected is tagged as Win32/Conficker.A by Microsoft, W32.Downadup by Symantec, and W32/Conficker by McAfee.

Interestingly, the malware fixes an API flaw in victim’s computer’s memory, so as to make sure that some other malware content could not take over the system, the researchers claimed in a blog post.

The security hole can be exploited without verification on Windows 2000, XP, and Server 2003 platforms; however, Windows Sever 2008 and Vista are also found to be affected, but the vulnerable code path in these platforms can only be accessed by verified users.

Related Links

- Microsoft Vulnerability Faces New Round of Attacks

- Microsoft warns of new Windows attacks

- Microsoft Warns Of Attack Exploiting Windows Vulnerability

- Microsoft warns about “creative” exploits

- Microsoft Warns Users Of Active Worm Exploiting Windows Bug

- New worm exploiting MS08-067 flaw spotted in the wild

- Microsoft warns of attacks on recent flaw

- Microsoft warns of malware exploiting known vulnerability