Microsoft is warning users of a rise in attacks on a vulnerability in Windows that could trigger a worm infestation on networks, and the company is encouraging companies to apply an emergency patch released in October.
Microsoft says it has reports from users on a worm called Win32/Conficker.A, which infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.exe).
The worm is taking advantage of a known vulnerability that if successfully exploited, Microsoft says, could allow remote code execution when file sharing is enabled.
There is exploit code publicly available that takes advantage of a hole Microsoft plugged last month with patch MS08-067. The vendor is recommending that users apply the patch as soon as possible. (Compare Patch and Vulnerability Management products.)
MS08-067 was an emergency patch released on Oct. 23, more than two weeks after Microsoft’s monthly patch cycle called Patch Tuesday. The last emergency patch released was in April.
“Recently we’ve received a string of reports from customers that have yet to apply the update and are infected by malware,” Microsoft’s Bill Sisk wrote on the Microsoft Security Response Center blog.
Just last week, security researchers were split on whether attacks exploiting the worm vulnerabilty were on the rise.
On Nov. 5, Microsoft and others reported that they were beginning to see attackers aiming at Windows Server 2000, XP, 2003 and other versions of the operating system with what the vendor called a “wormable exploit.”
The November report also said Microsoft had detected up to 50 attacks worldwide.