A major flaw in Microsoft's Windows operating system remained, for the most part, unexploited over the weekend, according to the software giant and security firms.
While some researchers have created proof-of-concept attacks for the bug in the Windows Server service, Microsoft has not seen "evidence of public, reliable exploit code showing code execution," Christopher Budd, a security program manager for Microsoft, said in a blog post on Sunday. The only malicious code circulating on the Internet so far is a Trojan horse, dubbed by some security firms as "W32/Gimmiv," that predates the release of the patch for the flaw.
"Were not aware of any broad attacks or new malware seeking to exploit this vulnerability since weve released the security update on Thursday," Budd stated in the blog post. "While there have been a couple of reports of a 'new worm,' these reports are actually inaccurate: theyre talking about malware we found in our investigation of the original targeted and limited attacks that we talked about in our posting on Thursday."
Several security professionals have claimed that they have created proof-of-concept attacks using the vulnerability. A researcher at security firm Immunity created an exploit for the flaw in about two hours, David Aitel, principal researcher for the firm, said on the company's mailing list.
A proof-of-concept exploit for the issue on Chinese Windows systems appeared on the Internet, according to a post by security firm F-Secure. Aside from that, little malicious activity has been seen, the company stated.
"The weekend was really quiet," F-Secure stated on the blog. "We received about a handful of Gimmiv variants and no other malware that uses the same vulnerability. ... We are keeping a really close eye on the situation since all it takes is a single working 'universal' public exploit for things to go downhill pretty fast."
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos