Unpatched Systems at Risk From Worm, Microsoft Says -- Virtualization Review

Unpatched Systems at Risk From Worm, Microsoft Says

Microsoft is seeing an increase in the number of malware attacks exploiting a security hole supposedly addressed by a recent patch.

By Jabulani Leffall
11/26/2008

Microsoft is seeing an increase in the number of malware attacks exploiting a security hole supposedly addressed by a recent patch, the company announced on Wednesday.

The problem stems from a worm dubbed "Win32/Conficker.A." The worm will "propagate on random computers" in an affected Windows-based network, according to Microsoft.

"Recently we've received a string of reports from customers that have yet to apply the update and are infected by malware," said Microsoft Security Response Center spokesman Bill Sisk in an e-mail. "These most recent reports have a common malware family and we urge people who haven't patched their systems to patch them immediately or as soon as possible."

Redmond's concerns had prompted the company to issue an out of band patch to address the problem in late October.

The security hole, and Microsoft's related hotfix, centers on remote procedure call (RPC) technology, which allows subroutine code to execute on other computers in a shared network. What's unique about this RPC vulnerability is that subroutines can be executed without programmer interference. It allows an almost automatic remote interaction between CPUs in a shared processing environment.

One security expert maintained that there is little to be concerned about, that is, unless your system is unpatched.

Randy Abrams, director of technical education at security firm ESET, said that although the vulnerability is bad "there are several mitigations, including disabling file and print sharing, which is generally a baseline sane practice."

Abrams also suggest that the proper use of firewalls wouldn't hurt either.

"The real threat is not worms," he said. "Worms are only automation and they tend to make a lot of noise. Any vulnerability that a worm can exploit can also be exploited by a Trojan, or manually by a skilled hacker. The hacker is far more likely to go undetected and capable of causing far greater harm."

This type of client-side bug is a textbook example why defense-in-depth security practices should be followed by IT pros and individual users alike.

Microsoft offers further details on the specific threats and workarounds in this link.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.