Security analysts at Gartner believe a flaw in Windows may be used to create a worm similar to last year's devastating "Blaster".
Last week Microsoft confirmed a flaw exists in its implementation of Abstract Syntax Notation (ASN) which could be exploited by an attacker to remotely run malicious code and take control of the target. ASN is used to describe communications protocols, and used indirectly by a multitude of services on Windows platforms.
All versions of Windows are affected, and Microsoft has released a patch, some six months after being notified of the flaw by researchers eEye Digital.
A report from Gartner, written by analysts including senior security analyst John Pescatore, warns the ASN vulnerability "presents attackers with the opportunity to unleash another MSBlast-class worm outbreak...mass attacks will almost inevitably attempt to exploit this vulnerability within the next few weeks."
Last August Blaster spread across the world in a matter of hours, bringing networks to a crawl as it scanned for new targets, and launched a denial of service attack against windowsupdate.com.
The patch is available from Microsoft here: https://www.microsoft.com/technet/security/bulletin/MS04-007.asp
