Dec 17, 2008
Security researchers at Microsoft Corp. late yesterday warned of a significant increase in exploits of a Windows bug that the software vendor patched with an emergency fix last month, confirming earlier reports by Symantec Corp. Microsoft again urged users to apply the MS08-067 patch if they have not already done so. The new attacks, which Microsoft’s Malware Protection Center said began over the weekend but spiked during the past two days, use the same worm that Symantec first spotted last Friday. Dubbed “Conficker.a” by Microsoft and “Downadup” by Symantec, the worm exploits a vulnerability in the Windows Server service, which is used by all versions of the operating system to connect to file and print servers on a network. Microsoft patched the bug in an out-of-cycle update five weeks ago, after it discovered a small number of infected PCs, most of them in Southeast Asia. The worm also resets the machine’s system restore point, said Microsoft in its technical write-up, which may make it difficult or impossible to “roll back” Windows to a pre-infection state. PCs that have been patched with the MS08-067 fix are protected, Ziv Mador, researcher with the Microsoft Malware Protection Center, stressed. [ Source: ComputerWorld ]