Unpatched Systems at Risk From Worm, Microsoft Says

Microsoft is seeing an increase in the number of malware attacks exploiting a security hole supposedly addressed by a recent patch.

Microsoft is seeing an increase in the number of malware attacks exploiting a security hole supposedly addressed by a recent patch, the company announced on Wednesday.

The problem stems from a worm dubbed "Win32/Conficker.A." The worm will "propagate on random computers" in an affected Windows-based network, according to Microsoft.

"Recently we've received a string of reports from customers that have yet to apply the update and are infected by malware," said Microsoft Security Response Center spokesman Bill Sisk in an e-mail. "These most recent reports have a common malware family and we urge people who haven't patched their systems to patch them immediately or as soon as possible."

Redmond's concerns had prompted the company to issue an out of band patch to address the problem in late October.

The security hole, and Microsoft's related hotfix, centers on remote procedure call (RPC) technology, which allows subroutine code to execute on other computers in a shared network. What's unique about this RPC vulnerability is that subroutines can be executed without programmer interference. It allows an almost automatic remote interaction between CPUs in a shared processing environment.

One security expert maintained that there is little to be concerned about, that is, unless your system is unpatched.

Randy Abrams, director of technical education at security firm ESET, said that although the vulnerability is bad "there are several mitigations, including disabling file and print sharing, which is generally a baseline sane practice."

Abrams also suggest that the proper use of firewalls wouldn't hurt either.

"The real threat is not worms," he said. "Worms are only automation and they tend to make a lot of noise. Any vulnerability that a worm can exploit can also be exploited by a Trojan, or manually by a skilled hacker. The hacker is far more likely to go undetected and capable of causing far greater harm."

This type of client-side bug is a textbook example why defense-in-depth security practices should be followed by IT pros and individual users alike.

Microsoft offers further details on the specific threats and workarounds in this link.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.


  • Microsoft 365 Business To Get Azure Active Directory Premium P1 Perks

    Subscribers to Microsoft 365 Business (which is being renamed this month to "Microsoft 365 Business Premium") will be getting Azure Active Directory Premium P1 licensing at no additional cost.

  • How To Use .CSV Files with PowerShell, Part 1

    When it comes to bulk administration, few things are handier than .CSV files. In this two-part series, Brien demos his top techniques for working with .CSV files in PowerShell. First up: How to create a .CSV file.

  • SameSite Cookie Changes Rolled Back Until Summer

    The Chromium Project announced on Friday that it's delaying enforcement of SameSite cookie changes, and is temporarily rolling back those changes, because of the COVID-19 turmoil.

  • Basic Authentication Extended to 2H 2021 for Exchange Online Users

    Microsoft is now planning to disable Basic Authentication use with its Exchange Online service sometime in the "second half of 2021," according to a Friday announcement.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.