News

Microsoft Ups Exploit Code Warning

It looks like that Redmond's hunch was correct when it issued an out-of-cycle security patch late last week, because on Wednesday Microsoft identified publicly available exploit code related to that vulnerability.

Mike Reavey, operations manager of Microsoft's Security Response Center, wrote in a post to the MSRC blog that the "exploit code has been shown to result in remote code execution (RCE) execution on Windows Server 2003, Windows XP and Windows 2000," the same operating systems covered in the software giant's MS08-67 bulletin published on October 23.

The vulnerability relates to the Windows Server service program not properly handling "specially crafted" remote procedure call (RPC) requests. Because Windows Server service provides RPC support, file and print support, and named pipe sharing over the network, it is vulnerable to such attacks. If the exploit were to be executed properly, it could allow a masked or almost automatic remote interaction between CPUs in a shared processing environment.

The bug has been indentified as a Trojan virus but Microsoft said it is still investigating the matter and, therefore, has yet to specify where it found the exploits. Redmond simply said it was "aware of detailed, reliable public exploit code."

Third party security vendors such as Symantec indentified the bug as "Trojan Gimmiv." Symantec stresses that Windows users who haven't already patched their systems need to get cracking on installing it.

"This flaw definitely has potential to be used as a propagation vector for a worm and in reality affects everything from Windows 2000 to Windows 7 pre-beta," said Ben Greenbaum, senior research manager for Symantec Security Response, in an e-mail comment to this site. "All it takes is one client-side exploit or Trojan that includes this exploit as a payload to get such a worm into a corporate network, where the affected ports are typically exposed to other internal computers."

Meanwhile in his own post Microsoft's Mike Reavey reiterated previous announcements by Redmond that attacks relate to this vulnerability are still sporadic and isolated.

"Attacks are still limited and targeted, even with the release of this new exploit code," he wrote. "The malware situation remains the same, as we've not seen any self-replicating worms, but instead malware that would be classified as Trojans, specifically the malware we discussed when we released the security update (last Thursday.)"

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Report: Cost, Sustainability Drive DaaS Adoption Beyond Remote Work

    Gartner's 2025 Magic Quadrant for Desktop as a Service reveals that while secure remote access remains a key driver of DaaS adoption, a growing number of deployments now focus on broader efficiency goals.

  • Windows 365 Reserve, Microsoft's Cloud PC Rental Service, Hits Preview

    Microsoft has launched a limited public preview of its new "Windows 365 Reserve" service, which lets organizations rent cloud PC instances in the event their Windows devices are stolen, lost or damaged.

  • Hands-On AI Skills Now Outshine Certs in Salary Stakes

    For AI-related roles, employers are prioritizing verifiable, hands-on abilities over framed certificates -- and they're paying a premium for it.

  • Roadblocks in Enterprise AI: Data and Skills Shortfalls Could Cost Millions

    Businesses risk losing up to $87 million a year if they fail to catch up with AI innovation, according to the Couchbase FY 2026 CIO AI Survey released this month.