Worm targets MS08-067 vulnerability
Exploit attack patches flaw once system penetrated.
A worm has been seen taking advantage of the vulnerability in Microsoft's Windows Server Service, patched out-of-cycle last month in the MS08-067 announcement.

The worm takes advantage of machines yet to be patched by tardy administrators, and once it is installed it proceeds to patch the vulnerability to prevent other malicious attacks from joining it on the victim system. Microsoft reports numerous attempts to exploit the flaw over the past month, but this latest worm is the most widespread and sophisticated.
More details on the outbreak are in a Microsoft malware team blog entry here, with further comment in The Register here, eWeek here or ZDNet here.
1 December 2008
Tags:
exploit, microsoft, patch, vulnerability, worm.
del.icio.us
digg this
0 comments
Leave a comment
Poll
Who in your company is responsible for installing software patches?Leave a comment

VB100 certification
The final VB100 of the year sees a double whammy of potential
pitfalls for our comparative participants - the
Vista operating system, which still seems shiny
and new as well as a little scary (to both developers and users), as well
as the x64 architecture, whose ostensible compatibility with standard
32-bit software belies oddities and intricacies that developers ignore at
their peril. The announcement of the test brought a few surprises, as
several regulars opted to skip this one, but the majority of veteran
competitors took part as usual, along with several newer faces, many of
whom look set to join the ranks of our regulars.
See full results.
Virus Bulletin currently has 148,292 registered users.

