One day after Microsoft issued a rare emergency Windows security patch, the bad guys have a few new ways to take advantage of the bug. By Friday, security researchers had identified a new worm, called Gimmiv, which exploited the vulnerability, and a hacker had posted an early sample of code that could be used to exploit the flaw on the Web. Microsoft issued the patch more than two weeks ahead of its next security updates because the bug could be used to create an Internet worm attack and Microsoft had already seen a small number of attacks that exploited the flaw. This vulnerability lies in the Windows Server service used to connect with other devices on networks.
Although the firewall software that ships with Windows will block the worm from spreading, security experts are worried that the flaw could be used to spread infections between machines on a local area network, which are not typically protected by firewalls. And that’s exactly what the Gimmiv worm is designed to do, according to Ben Greenbaum, a senior research manager with Symantec. The worm then loads software that steals passwords, security experts say. Both Symantec and McAfee said Friday that they had seen only a very small number of attacks based on this exploit, but Symantec says that, starting Thursday evening, they found a 25 percent jump in network scans looking for potentially vulnerable machines. That could be a sign that more attacks are coming.
Source: NY Times
No comments:
Post a Comment