News

Microsoft Ups Exploit Code Warning

It looks like that Redmond's hunch was correct when it issued an out-of-cycle security patch late last week, because on Wednesday Microsoft identified publicly available exploit code related to that vulnerability.

Mike Reavey, operations manager of Microsoft's Security Response Center, wrote in a post to the MSRC blog that the "exploit code has been shown to result in remote code execution (RCE) execution on Windows Server 2003, Windows XP and Windows 2000," the same operating systems covered in the software giant's MS08-67 bulletin published on October 23.

The vulnerability relates to the Windows Server service program not properly handling "specially crafted" remote procedure call (RPC) requests. Because Windows Server service provides RPC support, file and print support, and named pipe sharing over the network, it is vulnerable to such attacks. If the exploit were to be executed properly, it could allow a masked or almost automatic remote interaction between CPUs in a shared processing environment.

The bug has been indentified as a Trojan virus but Microsoft said it is still investigating the matter and, therefore, has yet to specify where it found the exploits. Redmond simply said it was "aware of detailed, reliable public exploit code."

Third party security vendors such as Symantec indentified the bug as "Trojan Gimmiv." Symantec stresses that Windows users who haven't already patched their systems need to get cracking on installing it.

"This flaw definitely has potential to be used as a propagation vector for a worm and in reality affects everything from Windows 2000 to Windows 7 pre-beta," said Ben Greenbaum, senior research manager for Symantec Security Response, in an e-mail comment to this site. "All it takes is one client-side exploit or Trojan that includes this exploit as a payload to get such a worm into a corporate network, where the affected ports are typically exposed to other internal computers."

Meanwhile in his own post Microsoft's Mike Reavey reiterated previous announcements by Redmond that attacks relate to this vulnerability are still sporadic and isolated.

"Attacks are still limited and targeted, even with the release of this new exploit code," he wrote. "The malware situation remains the same, as we've not seen any self-replicating worms, but instead malware that would be classified as Trojans, specifically the malware we discussed when we released the security update (last Thursday.)"

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Gears

    Top 10 Microsoft Tips and Analyses of 2018

    Here are the year's most popular explainers and how-to columns -- along with some plain, old "Why did Microsoft do that?" musings thrown in.

  • Sign

    2018 Microsoft Predictions Revisited

    From guessing the fate of Windows 10 S to predicting Microsoft's next big move with Linux, Brien's predictions from a year ago were on the mark more than they weren't.

  • Microsoft Recaps Delivery Optimization Bandwidth Controls for Organizations

    Microsoft expects organizations using its Delivery Optimization peer-to-peer update scheme will optimally see 60 percent to 70 percent improvements in terms of network bandwidth use.

  • Getting a Handle on Hyper-V Virtual NICs

    Hyper-V usually makes it easy to configure virtual network adapters within VMs. That is, until you need to create a VM containing multiple virtual NICs.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.