The Windows Server service vulnerability called MS06-040 has been the target of a worm attack run by an automated program, reinforcing the need to get this flaw patched as soon as possible.
Attack of the Bots
Malicious coders have created a pair of bot programs that have been found on some Windows 2000 machines. These bots were able to penetrate those systems through the recently disclosed flaw in the Windows Server service, according to Symantec's SecurityFocus.
Although a patch was released on the second Tuesday of August, following Microsoft's customary pattern of such releases, some people began to work on exploits for the flaw almost immediately. Active exploit code had been found online a day after the vulnerability became public knowledge.
Adrian Stone of the Microsoft Security Response Center posted that activity associated with the bots, referred to as Graweg by Microsoft, has started to taper off:
From our analysis and our work with our partners in the MSRA we still believe that this has been a relatively contained issue that has only affected Windows 2000. However we are in no way underplaying the severity of the vulnerability addressed in MS06-040: we continue to urge customers to deploy and test the update with a heightened sense of urgency.
Stone also cited comments from Microsoft customers about the behavior of the most recent automatic updates that took place. The patch for MS06-040 took precedence over the other updates issued by Microsoft in its monthly release.
This happened because Microsoft can prioritize the updates delivered to customers, Stone wrote. The other updates will follow MS06-040, which due to its criticality received the highest priority.
iEntry 10th Anniversary
RSS
Archive
Del.icio.us
Digg
Yahoo! My Web
Furl
