Unpatched Windows machines still becoming worm food
Windows users who haven’t applied last month’s emergency security patch are falling victim to a worm exploiting the security gap. Hundreds of home users have been hit by the worm despite it being blockable by basic firewall protection.
As we reported at the time, Microsoft issued a rare ‘out of band security bulletin’ in late October. That’s a security update to treat a problem considered so serious and at risk of exploitation that it can’t be left until the next scheduled update on the second Tuesday of each month.
In this case, the problem affected the Windows Remote Procedure Call, a part of the operating system which handles legitimate cases where one computer needs to access another (for example when using a networked printer). The fear at the time was that hackers could use the problem to spread worm viruses – which make copies of themselves and spread from machine to machine – at high speeds.
The first such case came just a few days later with the Gimmiv.A virus, which is normally limited in effect because each variant only works on a specified edition of Windows. Exploiting the RPC problem made it much easier for the virus to jump from machine to machine until it found a suitable target.
Now both Microsoft and security firm McAfee are warning of a sharp rise in a virus known as Conficker.A which also exploits the RPC problem in unpatched machines. The virus is so sophisticated it not only finds vulnerable machines but, once in place, patches the vulnerability itself to make sure the machine it now controls doesn’t become useless thanks to a rival virus.
The virus appears to be particularly prevalent on corporate networks, which makes sense, as links between individual machines there are less well protected than they are for home users. But it has also appeared on “several hundred home PCs”, which shows how a problem affecting a tiny percentage of machines (those without firewalls or a properly patched version of Windows) can add up thanks to the sheer number of computer users worldwide.
