Exploit Looks For Unpatched Windows Servers

This is why Microsoft never gives out the details on vulnerabilities before Patch Tuesday.

Since issuing a patch for a serious vulnerability last Tuesday, a number of exploits have hit the Internet, hoping to take advantage of computers that have not yet been patched to close the vulnerability.

Bulletin MS06-040 is a buffer overflow exploit that allows for remote code execution vulnerability in the Server Service that could allow an attacker to take complete control of the affected system.

Microsoft (Quote, Chart)?labeled the flaw as “critical,” which was something of an understatement. Exploitation of this flaw could allow for attacks as severe as the Blaster and Sasser worms.

The exploit was so severe that the U.S. Department of Homeland Security took the unusual step of issuing a press release urging everyone to install the patch.

Patch Tuesday for August was August 8, and by August 12 the first exploit appeared. As is the case, every antivirus vendor has given it a different name. It’s referred to by the names Win32/Graweg.B, IRC-Mocbot!MS06-040, W32.Wargbot and WORM_IRCBOT.JK.

This exploit is variant of a backdoor Trojan that installs itself on a system, modifies security settings, connects to an Internet Relay Chat server and starts listening for commands from a remote hacker, according to analysis from antivirus vendors.

The Microsoft Security Response Center (MSRC) describes the attack as “extremely targeted” and said it appears to be specifically targeted at Windows 2000 machines.

This article was first published on InternetNews.com. To read the full article, click here.

Andy Patrizio
Andy Patrizio
Andy Patrizio is a freelance journalist based in southern California who has covered the computer industry for 20 years and has built every x86 PC he’s ever owned, laptops not included.

Top Products

Related articles