News

Microsoft Ups Exploit Code Warning

It looks like that Redmond's hunch was correct when it issued an out-of-cycle security patch late last week, because on Wednesday Microsoft identified publicly available exploit code related to that vulnerability.

Mike Reavey, operations manager of Microsoft's Security Response Center, wrote in a post to the MSRC blog that the "exploit code has been shown to result in remote code execution (RCE) execution on Windows Server 2003, Windows XP and Windows 2000," the same operating systems covered in the software giant's MS08-67 bulletin published on October 23.

The vulnerability relates to the Windows Server service program not properly handling "specially crafted" remote procedure call (RPC) requests. Because Windows Server service provides RPC support, file and print support, and named pipe sharing over the network, it is vulnerable to such attacks. If the exploit were to be executed properly, it could allow a masked or almost automatic remote interaction between CPUs in a shared processing environment.

The bug has been indentified as a Trojan virus but Microsoft said it is still investigating the matter and, therefore, has yet to specify where it found the exploits. Redmond simply said it was "aware of detailed, reliable public exploit code."

Third party security vendors such as Symantec indentified the bug as "Trojan Gimmiv." Symantec stresses that Windows users who haven't already patched their systems need to get cracking on installing it.

"This flaw definitely has potential to be used as a propagation vector for a worm and in reality affects everything from Windows 2000 to Windows 7 pre-beta," said Ben Greenbaum, senior research manager for Symantec Security Response, in an e-mail comment to this site. "All it takes is one client-side exploit or Trojan that includes this exploit as a payload to get such a worm into a corporate network, where the affected ports are typically exposed to other internal computers."

Meanwhile in his own post Microsoft's Mike Reavey reiterated previous announcements by Redmond that attacks relate to this vulnerability are still sporadic and isolated.

"Attacks are still limited and targeted, even with the release of this new exploit code," he wrote. "The malware situation remains the same, as we've not seen any self-replicating worms, but instead malware that would be classified as Trojans, specifically the malware we discussed when we released the security update (last Thursday.)"

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Insights for MyAnalytics Getting Switched On for Office 365 Users This Month

    Microsoft is planning to activate "Insights for MyAnalytics" sometime late this month for most Office 365 users, but the ability of organizations to manage this feature won't be available until possibly mid-May.

  • SharePoint Framework 1.8 Now Generally Available

    Microsoft this week announced that SharePoint Framework 1.8 had reached "general availability" status, although some features are still at the preview stage.

  • How To Create Office 365 User Accounts in Bulk

    Manual account creation can be tedious, time-consuming and prone to human error, especially if you have more than a handful of Office 365 users to set up. Brien shows you a better way.

  • System Center 2019 Reaches General Availability

    System Center 2019 has now reached the "general availability" product stage, Microsoft indicated in a Thursday update.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.