Off-Cycle Microsoft Patch Targets Worm-Like Windows Bug

Redmond on Thursday released a critical out-of-cycle security patch affecting Windows 2000, Windows XP and Windows Server 2003 systems.

Redmond on Thursday released a critical out-of-cycle security patch affecting Windows 2000, Windows XP and Windows Server 2003 systems.

The software giant said weaknesses in server service mechanisms within these OSes could allow for remote code execution (RCE) exploits through the use of a "specially crafted" remote procedure call (RPC) request.

RPC technology, first adopted by Microsoft in the mid-1980s, allows subroutine code to execute on other computers on a shared network. What's unique about this RPC vulnerability is that subroutines can be executed without programmer interference. It allows an almost automatic remote interaction between CPUs in a shared processing environment.

An attacker could exploit this vulnerability in the affected Windows OSes and run arbitrary code without authentication. Redmond is hastening an out-of-cycle patch because the vulnerability is reminiscent of self-replicating malware or a "wormable exploit," as Microsoft calls it.

"Based on the number of Windows systems that are potentially exposed to a massive attack, it was in Microsoft's best interest to just go ahead and patch it," said Jon Oltsik, an analyst at Milfort, Mass.-based IT research firm Enterprise Strategy Group. "This exploit that applies to this fix is not in the wild to a great degree but the thinking behind the bulletin was probably, 'why wait.'"

Security experts say that for users running newer versions of Windows, such as Vista and Windows Server 2008, the potential attack associated with this bulletin cannot be anonymous and must use authenticated user credentials to exploit the vulnerability. However, they do warn that this does not mean it's impossible to exploit the vulnerability in a newer Windows OS. It just won't be as easy.

Nevertheless, the common consensus among observers is that IT pros should install the patch now.

"In normal situations, administrators could typically test the patch against their production network to ensure the patch does not break functionality," said Jason Miller, security data team manager at St. Paul, Minn.-based Shavlik Technologies. "But in this situation, enterprise IT workers should patch this vulnerability immediately to their servers and workstations."

It's not often that Redmond issues off-cycle or out-of-band patches. It's done so just a handful of times since 2006. Coincidentally, 2006 was the year a similar patch pertaining to this issue was released. Thursday's patch replaces that September 2006 hotfix.

Because the fix is critical and will require a restart, security pros say IT managers and staff should collaborate to ensure seamless installation and testing. They recommend coordinating with desktop or end-point support personnel, as well as with network administrators and off-site consultants, where applicable.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.


  • Azure Cost Management Now Commercially Available for Some Tenancies

    Microsoft on Monday announced that its Azure Cost Management feature had reached the "general availability" release stage for both Azure "pay-as-you-go" customers and Azure Government tenancies.

  • Microsoft Bringing Files Restore Capability to SharePoint Online and Teams

    Microsoft on Monday announced that it's delivering its Files Restore feature for SharePoint Online and Microsoft Teams to Office 365 tenancies as early as this month.

  • Microsoft Nabs IoT Platform Provider Express Logic

    As part of its plan to invest $5 billion in IoT technologies, Microsoft this week acquired Express Logic, which provides real-time operating systems for industrial embedded and IoT devices.

  • Dealing with Broken Dependencies in SCVMM

    Brien shows you how to resolve some broken, template-related dependencies in Microsoft's System Center Virtual Machine Manager.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.