Vulnerability Possible Bot Target

Monday August 14, 2006

Various sources are reporting that a vulnerability in Windows server service may be the target of remote attack intended to build a botnet of compromised PCs. The Windows server service runs by default on nearly all versions of Windows, so don't let the word 'server' make you think it doesn't apply to your Windows desktop or laptop. On August 8th, Microsoft released a patch, MS06-040, to address the server service vulnerability. Now its up to you to visit the Microsoft update site, and apply the necessary patch.

If you don't install the patch, you risk a remote attack running with system-level privileges, meaning the level of compromise could be severe. Of course, the attack doesn't have to be carried out remotely; tricking you into opening an attachment or downloading a file from a website is also a possibility. (See "Here's the Rub" for a recent greeting card ruse designed to trick users into installing a variant of the Haxdoor Trojan).

Common sense and safe computing habits will go a long way towards protecting you from exploited vulnerabilities, malicious software, and Internet-related attacks. Keep your patches up-to-date, use a firewall, keep your antivirus up-to-date, avoid anonymous P2P filesharing, don't open email attachments received unexpectedly, and don't click links in email sent by strangers.

Resource links:
Microsoft Security Bulletin MS06-040
Vulnerability Note VU#650769 (US-CERT)
MS06-040: BOLO (Sans Diary)
MS06-040 attack information (Microsoft)
IRC-Mocbot!MS06-040 Description(McAfee)

Comments (1)
See All Posts