Exploit Looks For Unpatched Windows Servers

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  
This is why Microsoft never gives out the details on vulnerabilities before Patch Tuesday.

Since issuing a patch for a serious vulnerability last Tuesday, a number of exploits have hit the Internet, hoping to take advantage of computers that have not yet been patched to close the vulnerability.

Bulletin MS06-040 is a buffer overflow exploit that allows for remote code execution vulnerability in the Server Service that could allow an attacker to take complete control of the affected system.

Microsoft (Quote, Chart) labeled the flaw as "critical," which was something of an understatement. Exploitation of this flaw could allow for attacks as severe as the Blaster and Sasser worms.

The exploit was so severe that the U.S. Department of Homeland Security took the unusual step of issuing a press release urging everyone to install the patch.

Patch Tuesday for August was August 8, and by August 12 the first exploit appeared. As is the case, every antivirus vendor has given it a different name. It's referred to by the names Win32/Graweg.B, IRC-Mocbot!MS06-040, W32.Wargbot and WORM_IRCBOT.JK.

This exploit is variant of a backdoor Trojan that installs itself on a system, modifies security settings, connects to an Internet Relay Chat server and starts listening for commands from a remote hacker, according to analysis from antivirus vendors.

The Microsoft Security Response Center (MSRC) describes the attack as "extremely targeted" and said it appears to be specifically targeted at Windows 2000 machines.

This article was first published on InternetNews.com. To read the full article, click here.

Submit a Comment

Loading Comments...