PCs running a certain configuration of Microsoft's Windows XP operating system have the same security vulnerability exploited by the Zotob worm that ran riot on Windows 2000 systems last week , Microsoft said.

In a "clarification" issued on Tuesday, Microsoft said that PCs running Windows XP Service Pack 1 are also at risk if a file-sharing feature called “Simple File Sharing and ForceGuest” is enabled. The company hadn't seen any attacks trying to exploit this scenario as of Tuesday, it said.

Zotob made headlines last week when it infected systems around the world, including PCs at Time Warner's CNN news network. The virus, which has since appeared in more than a dozen variants, exploits a flaw in a plug-and-play feature of Microsoft's operating system and causes infected machines to continually reboot, among other effects.

Security experts have called it the worst virus outbreak so far this year, although the rate of infections has been falling since late last week as more users patch their systems.

"It's definitely going down all the time," Mikko Hypponen, chief research officer at anti-virus company F-Secure, said in an interview Wednesday.

Most Windows XP users have probably upgraded to Service Pack 2 by now, so the risk to XP machines is probably not very significant, he said. Still, there are now more than a dozen variants of Zotob, at least one of which is spreading via e-mail, which makes it easier for the virus to get behind corporate firewalls, Hypponen said. Users are advised to install the patch Microsoft issued two weeks ago and keep their antivirus definition files up to date.

Microsoft acknowledged in its original security bulletin that some Windows XP machines could be at risk, as well as systems running some versions of Windows Server 2003. But to exploit those operating systems a virus writer would need a valid user log-in, making those systems less vulnerable.

On Tuesday, Microsoft updated its guidance. For machines that are not joined to a network domain - which is likely the case with most home users - and where the Simple File Sharing Feature is enabled, other users can access those PCs using a "guest account," for which a log-in is not required. That means those systems have the same vulnerability that was exploited by Zotob.

The clarification can be found here .

The original bulletin is here .

F-Secure's Hypponen has written a personal account of the of the Zotob outbreak on the company's Weblog .

The IDG News Service is a Network World affiliate.

Whitepapers

• Advancing the Economics of Networking
• Enterprise Data Center Network Reference Architecture
• Implementing HA at the Enterprise Data Center Edge to Connect to a Large Number of Branch Offices
• File Integrity Monitoring: Secure Your Virtual and Physical IT Environments
• Boost Productivity While Cutting Costs with Next-generation Collaboration
• Deploying Virtualized NetWare on Linux Whitepaper

View more SECURITY whitepapers

Webcasts

• PoE Plus: Impact on the PoE Market
• Creating a high performance workplace with wireless networking
• Harnessing the power of communications to increase workplace performance
• Making data centers the IT strategic focus
• Protecting assets and employees with IP Video Surveillance
• Stay out of the headlines: Detecting and preventing network intrusions

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• IP address management in 2008 - six things to know
• The self-managed network

View more SECURITY special reports