News

Microsoft Ups Exploit Code Warning

It looks like that Redmond's hunch was correct when it issued an out-of-cycle security patch late last week, because on Wednesday Microsoft identified publicly available exploit code related to that vulnerability.

Mike Reavey, operations manager of Microsoft's Security Response Center, wrote in a post to the MSRC blog that the "exploit code has been shown to result in remote code execution (RCE) execution on Windows Server 2003, Windows XP and Windows 2000," the same operating systems covered in the software giant's MS08-67 bulletin published on October 23.

The vulnerability relates to the Windows Server service program not properly handling "specially crafted" remote procedure call (RPC) requests. Because Windows Server service provides RPC support, file and print support, and named pipe sharing over the network, it is vulnerable to such attacks. If the exploit were to be executed properly, it could allow a masked or almost automatic remote interaction between CPUs in a shared processing environment.

The bug has been indentified as a Trojan virus but Microsoft said it is still investigating the matter and, therefore, has yet to specify where it found the exploits. Redmond simply said it was "aware of detailed, reliable public exploit code."

Third party security vendors such as Symantec indentified the bug as "Trojan Gimmiv." Symantec stresses that Windows users who haven't already patched their systems need to get cracking on installing it.

"This flaw definitely has potential to be used as a propagation vector for a worm and in reality affects everything from Windows 2000 to Windows 7 pre-beta," said Ben Greenbaum, senior research manager for Symantec Security Response, in an e-mail comment to this site. "All it takes is one client-side exploit or Trojan that includes this exploit as a payload to get such a worm into a corporate network, where the affected ports are typically exposed to other internal computers."

Meanwhile in his own post Microsoft's Mike Reavey reiterated previous announcements by Redmond that attacks relate to this vulnerability are still sporadic and isolated.

"Attacks are still limited and targeted, even with the release of this new exploit code," he wrote. "The malware situation remains the same, as we've not seen any self-replicating worms, but instead malware that would be classified as Trojans, specifically the malware we discussed when we released the security update (last Thursday.)"

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Microsoft Invests $1 Billion in Next-Level AI Research

    Research outfit OpenAI and Microsoft have inked a $1 billion deal around artificial general intelligence (AGI), considered the holy grail of AI research.

  • Microsoft Streamlining Office 365 App Activations

    The Office 365 app installation experience should get a little easier for end users starting as early as next month.

  • The 2019 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generation of HoloLens, here's what's on tap from Microsoft this year.

  • 2019 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss this year.