Microsoft serves up out-of-cycle patch for Windows bug

Share this article:
Microsoft on Thursday shipped an emergency fix for a previously unknown Windows vulnerability that has the potential of turning into a worm.

The flaw exists in Windows Server and could allow unauthenticated remote attackers to send "bad packets" over a network to vulnerable Windows 2000, XP and Server 2003 systems, said Andrew Storms, director of security operations at nCircle.

Vista and Server 2008 systems are also vulnerable to attack but would require an authenticated user -- thus the bug is not wormable on those platforms, Storms said.

According to Microsoft's bulletin, an attacker could execute the remote code by sending a specially crafted Remote Procedure Call (RPC) request, in which one computer talks to another.

About two weeks ago, Microsoft began noticing targeted attacks taking advantage of the vulnerability, Christopher Budd, security program manager at Microsoft said in a blog post. However, no proof-of-concept code had been publicly released.

"As we analyzed the vulnerability in our Software Security Incident Response Process (SSIRP), we found that this vulnerability was potentially wormable on Windows XP and older systems," Budd wrote. "Our analysis also showed that it would be possible to address this vulnerability in a way that would enable us to develop an update of appropriate quality for broad distribution quickly."

Ziv Mador of the Microsoft Malware Protection Center said Thursday in another blog post that the exploit attempts to install a trojan named n2.exe, for which there are two variants.

"Basically if file sharing is enabled and the security update is not installed yet, the computer is vulnerable," Mador wrote.

Storms said Microsoft -- which typically ships patches on the second Tuesday of each month -- decided to release the rare, out-of-cycle fix because the bug did not require authentication and because it was determined to be "consistently" exploitable on older Windows versions.

"While they had the chance, they stepped in before it could be potentially something worse," Storms said.

Businesses immediately should deploy the patch, but they should also ensure they are running properly configured firewalls with appropriate policy settings, which typically help stop server-side exploits, he added.

Microsoft last released an out-of-band bulletin in April 2007 to correct potentially devastating flaws in the way Windows handles ANI files. In 2006, Microsoft issued an earlier-than-scheduled fix for a Windows Metafile (WMF) flaw.


Share this article:

Sign up to our newsletters

More in News

Firefox 32 feature could cut undetected malware downloads 'in half'

Mozilla plans to introduce a feature in Firefox 32 that, based on preliminary testing, could cut the amount of undetected malware downloads in half.

EFF asks court to find NSA internet spying a violation of Fourth Amendment

EFF asks court to find NSA internet spying ...

Complete with a colorful graphic, the EFF showed a federal court how the NSA essentially runs a digital dragnet that can pick up innocent Americans.

Study: Asian Android users at higher risk of malware exposure

Cheetah Mobile's new study showed that Asian Android users have a two to three times greater risk of downloading malware onto their devices.