As Expected: New Worm Exploits Latest Windows Hole

As usually happens, only days after Microsoft published its advisory regarding a serious problem with RPC, a worm was unleashed to exploit the vulnerability.

The advisory, MS08-067, indicates that the vulnerability exists in Windows 2000, XP, Server 2003, and Vista. So far the worm is known to work against Windows 2000, Windows XP, and Windows Server 2003. However, that could change at any second.

According to Symantec, the worm drops itself into place, creates a couple of necessary registry keys, deletes the cached copy of the Server service DLL, attempts to download two files from various remote servers, reports its IP to another remote server, and then attempts to spread itself to other systems on the local network.

F-Secure reported that they were seeing the first signs of worm code last week. That particular code tries to add the Guest account to the Administrators group. Obviously not a good thing.

I hope your systems are patched.
