Real Cases Worm fears raised after release of Windows malware Aug 12 2006 01:21PM
Daniel Jimenez (dgj1menez hotmail com)
Worm fears raised after release of Windows malware
Bug patched in latest update, but concerns persist
Robert McMillan
August 10, 2006 (IDG News Service)

Attack code exploiting a recently-patched vulnerability in Microsoft Corp.'s
Windows operating system has been posted to the Internet, prompting concerns
of a widespread attack.

The software was added to the widely used Metasploit project -- a favorite
of both security researchers and malicious hackers -- at around 1 a.m.
Thursday morning Pacific Time, according to H.D. Moore, the Metasploit
project leader. "It works very reliably against Windows 2000 and Windows XP
systems that do not have SP2 [Service Pack 2] installed," he said in an

Security experts had worried that the Windows Server services vulnerability
-- described in Microsoft Security Bulletin MS06-040 -- could be used in a
widespread worm attack. Windows Server services are generally enabled by
default on Windows systems, and are used for common network applications
like file sharing and printing.

The bug was patched on Tuesday in one of 12 Microsoft security updates.

On Wednesday the Department of Homeland Security (DHS) took the unusual step
of warning PC users to make sure they had installed this patch. The DHS
statement warned that the vulnerability "could impact government systems,
private industry and critical infrastructure, as well as individual and home

-Daniel Jimenez

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus