August 11, 2006 2:09 PM PDT

Microsoft on worm watch

Computer code that takes advantage of a serious Windows flaw has been published on the Internet, increasing the chance of a worm attack.

The release of the attack code, which exploits a security hole in a Windows component related to file and printer sharing, also raises the urgency to patch. Microsoft provided a fix for the problem on Tuesday with security bulletin MS06-040. Tens of millions of Windows users have already downloaded that fix, Microsoft's Security Response Team said on a corporate blog earlier this week.

While the vulnerability affects all versions of Windows, the published exploit code works only on Windows 2000 and Windows XP Service Pack 1, Microsoft said in a security advisory published on Friday.

"This code does not affect Windows XP Service Pack 2, Windows Server 2003 or Windows Server 2003 Service Pack 1," it said.

So far, Microsoft has only seen limited use of the flaw in cyberattacks. Security experts have said that it could be exploited by an Internet worm similar in scope to Blaster, which wreaked havoc three years ago.

Microsoft's emergency response team is on worm watch, the company said.

"We have not seen signs of widespread malicious activity so far. But be assured that, like we always do, we've got our emergency response process teams watching for any possible malicious activity," Christopher Budd, security program manager at Microsoft, wrote on the Microsoft blog Wednesday.

Some security experts, however, don't expect a high-profile worm attack. "A fully automated 'big bang' type worm is increasingly unlikely in an Internet world where under-the-radar attacks take place for criminal gain," said Ken Dunham, director of the rapid response team at security company iDefense.

Instead, Dunham predicts that we will see Trojan horses and semi-automated malicious code attacks that exploit the Windows flaw in such a way that attackers can profit.

"Hacker activity has been light for the MS06-040 exploitation to date but will likely increase with the advent of this coming weekend," Dunham said, adding that all computers connected to the Internet should be patched as soon as possible.

Meanwhile, Microsoft has also verified that the MS06-040 security update works and that patched computers are not at risk from the exploit code. The fix is available via the Windows Update and Automatic Updates tools as well as on Microsoft's Web site.

A day after Microsoft released its fixes, the U.S. Department of Homeland Security issued a rare alert urging Windows users to plug the potential worm hole in the operating system. "Users are encouraged to avoid delay in applying this security patch," the Department of Homeland Security said in the statement.

See more CNET content tagged:
worm attack, emergency response, worm, Microsoft Windows Server 2003, Microsoft Windows XP Service Pack

9 comments

Join the conversation!
Add your comment
Does affect SP2
Over on eweek:
Two penetration testing companies, Immunity and Core Security Technologies, have already created and released "reliable exploits" for the flaw, which was deemed wormable on all Windows versions, including Windows XP SP2 and Windows Server 2003 SP1.
<a class="jive-link-external" href="http://www.eweek.com/article2/0,1895,2002142,00.asp" target="_newWindow">http://www.eweek.com/article2/0,1895,2002142,00.asp</a>

Even if above article is wrong on it affecting SP2, didn't it come out in August of 2004? If you don't have SP2 installed by now then you are asking for security problems. If there are problems with your software vendor that doesn't work right with SP2, then you need to look elsewhere if they can't make it work in 2 years.

Enough said, pizza is here.
Posted by Sbvmax (16 comments )
Reply Link Flag
SP1 Support...
&gt;If you don't have SP2 installed by now then you are asking for security problems.&lt;

If memory serves, Microsoft is dropping support for SP1 in October. I upgraded to SP2, after Windows Genuine Advantage had a nag pop-up on the issue. I had to install a number of HP-specific patches from HPs web site, before upgrading to SP2.
Posted by john55440 (1020 comments )
Link Flag
Microsoft is on worm watch
You could put that on one of the permanent tabs at the top of the
page.
Posted by rcrusoe (1305 comments )
Reply Link Flag
So what's new?
Microsoft is on the watch to see whether they must patch prior to next month's scheduled security patch release or not.

If they acted responsibly within 24 hours to critical alerts and 74 hours for non-critical alerts... they wouldn't have to have such a watch!!!

Bottom Line: They don't want to patch with the rest of the security world if not required... this story only goes to prove MS's inevitable!!!

They won't patch unless forced... even though they should!

Says a lot about their security policy doesn't it?

Definately out of line with the rest of the security world... regardless of what they claim otherwise!

Walt
Posted by wbenton (522 comments )
Reply Link Flag
Much ado about NOTHING! DoHS = Deliberate Stupidity
This sums it up quite well:

&gt;Some security experts, however, don't expect a high-profile worm attack. "A fully automated 'big bang' type worm is increasingly unlikely in an Internet world where under-the-radar attacks take place for criminal gain," said Ken Dunham, director of the rapid response team at security company iDefense.&lt;

Oh, about the Dept of Hopeless Stupidity; the sheeple 'patched' their Windoze boxes so the 'gov' got their [i]back door[/i] now, therefore the [b]real[/b] truth can now be told. :|

I'm so glad I don't fall for Mega$ux/the "gov's" brainwashing techniques any more! :)
Posted by btljooz (401 comments )
Reply Link Flag
What giberish!
Dept of Hopeless Stupidity
sheeple
Windoze
Mega$ux

You must be from another planet because all the giberish above are not real names or words in any language I know. Please stop your deliberate stupidity and don't expect any respect unless you can respect others.
Posted by Seaspray0 (9714 comments )
Link Flag
"IE patch crashes IE" - says Micro$soft
WARNING: The August 2006 patch is another "dirty" patch from Microsoft that causes major problems. Below is Microsoft's official report of the problem and the "work around" of disabling key functionality in IE.

"Internet Explorer 6 Service Pack 1 unexpectedly exits after you install the 918899 update"
<a class="jive-link-external" href="http://support.microsoft.com/kb/923762/" target="_newWindow">http://support.microsoft.com/kb/923762/</a>

Hopefully this saves people a some time &#38; frustration - I spent most of the week hunting this down...
Posted by W2Kuser (33 comments )
Reply Link Flag
Was this a Peoplesoft site that made it crash?
Was this a peoplesoft page that made your patched browser crash? If not what was the site?
Posted by fred dunn (793 comments )
Link Flag
I Feel Safe Now
I just love articles like this one. It's so good to know that the dept. of homeland fearmongering is on the ball. I just don't know if MS modeled their "emergency response process teams watching for any possible malicious activity" after the dept of fearmongering or if the departments' Katrina response team was modeled after Microsoft.

Some of the things that I would like to hear from all of you are: Doesn't everyone have "automatic updates" from MS? That and the "Genuine Disadvantage" programs were a part of MS's fixes somewhere back the line; so how is it that people don't have the magical fix installed on the day that it was put out?

Did something new get invented that was capable of digging a hole in windows, or was the problem there all along? And only after a hacker found it and used it; Ms takes a few months to figure out what a fifteen year old kid already knows and then they spend two months trying to make yet another patch. How many patches do I have now?

And how is it that Microsoft is in a position to even see "limited use of the flaw in cyberattacks?" "We have not seen signs of widespread malicious activity so far. But be assured that, """like we always do"", we've got our emergency response process teams watching for any possible malicious activity," -- OK OK, I'm assured. Thank God for Microsoft.

May my critics forgive me, but I just had to vent; I feel much better now.
Posted by raywigton (5 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.