A vulnerability fixed by the Microsoft late last month has become a target for two malicious programs, the software giant said on Tuesday.
The security hole, caused by the flawed processing of remote procedure call (RPC) requests by the Windows Server service, was patched by Microsoft in late October, after the company received reports of limited attacks against customers. At least two malicious programs -- a network worm dubbed Conficker.A and a bot program known as IRCbot.BH — are now exploiting the flaw to spread, the software giant said.
"Recently weve received a string of reports from customers that have yet to apply the update and are infected by malware," Bill Sisk, security program manager for Microsoft's Security Response Center, said in a post to the group's blog. "We continue to urge customers to deploy the update and make sure their security software is updated with the latest signatures."
The warnings come a month after Microsoft issued a patch for the Windows Server vulnerability. Windows XP, Windows 2000 and Windows 2003 systems could be compromised remotely, if the systems do not have a personal firewall installed and working or if file and printer sharing is activated. Windows Vista and Windows Server 2008 systems are not as vulnerable to exploitation of the issue, as the attacker would first have to authenticate to access the vulnerable code, Microsoft stated in October.
Security firm Trend Micro noted that the worm creates a spike in traffic on the port used for Windows file sharing, port 445. In addition, the company postulated that the two malicious programs, which it calls DOWNAD.A and NETWORM.C, could be related, as they were frequently found together on compromised systems.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos