In an unusual advisory, the U.S. Department of Homeland Security (DHS) urged PC users and system administrators to apply a recently released patch for Microsoft Windows as soon as possible.
The department also said users should keep their operating systems up to date on security patches and install anti-virus solutions which are also current. PC users should also avoid emails from unknown sources and unexpected attachments from known sources.
A representative from DHS could not immediately be reached for comment.
Security Bulletin MS06-040, which Redmond released earlier this week as part of the Patch Tuesday release cycle, fixes a flaw in Windows server service that could allow remote code execution.
The fix was one of a dozen patches released by Microsoft this week.
A company spokesman, who asked not to be identified, said today that the Redmond, Wash., company is working with federal officials.
"In each case where this occurs, including this instance, Microsoft works directory with the DHS to provide them with the information regarding the update for their advisory," the spokesman said. "Microsoft has rated MS06-040 as ‘critical,' our highest severity rating and encourages customers to deploy this update on their systems as soon as possible given that we are aware of targeted exploitation of the vulnerability."
Christopher Budd, security program manager at Microsoft, said on the Microsoft Security Response Center blog that the company hadn't seen indications of widespread malicious activity.
"And, of course, like we did with Sasser and Zotob, should a malicious attack occur, our teams are ready to assist our partners in law enforcement with their investigations," he said.
The U.S. Computer Emergency Readiness Team (US-CERT) issued an alert this week through its National Cyber Alert System, as well as briefing CIOs and CISOs.
The SANS Institute's Internet Storm Center said today that the host-based firewall in Windows Service Pack 2 should protect the machine from this exploit. The organization warned, however, that many system administrators turn the firewall off for ease of use.
Jonathan Bitle, manager of the technical accounts team at Qualys, said today that the flaw "would have a classification of critical within most organizations."
"Anywhere this service is enabled could be easily exploited," he said. "However, there are particular versions of Microsoft operating systems that are not exploitable by exploits out in the wild so far."
Amol Sarwate, director of Qualys' vulnerability research lab, said today that he has seen exploits "from different sources, as well as a couple of versions of exploits."
"People are trying to fine tune these exploits and make sure they're as accurate as possible," he said.