05:32 PM

Exploit For Worst Bug Of August On The Loose

Security experts said the MS06-040 bug was the worst of the 23 patched by Microsoft this week. Now they say it's being used in attacks.

A day after Microsoft posted a dozen patches for Windows and Office, the one pegged by security analysts as the most dangerous is being used in attacks, the federal cyber-agency said.

According to an advisory issued Wednesday by US-CERT, the arm of the Department of Homeland Security that disseminates information about developing computer threats, an active exploit of the buffer overflow bug in Windows' Server service has been confirmed.

"If a remote attacker sends a specially crafted packet to a vulnerable Windows system, that attacker may be able to execute arbitrary code with system privileges," US-CERT said in the warning.

In its MS06-040 security bulletin, Microsoft spelled out the problem with Server service, a component responsible for sharing of local resources such as drives and printers, with others on the network. Attackers could exploit the buffer overflow vulnerability, Microsoft said, without any user intervention.

Tuesday, security experts agreed that the MS06-040 bug was the worst of the 23 patched by Microsoft. That feeling only intensified Wednesday, as others, including Microsoft itself, weighed in.

"Potentially, there a lot of folks who could be vulnerable [to this vulnerability]," said Patrick Martin, senior product manager with Symantec's security response team. Add that to a hands-off exploitation of the bug and you have "a pretty potent combination," he added.

"Users may not even know [an attack] has happened."

For its part, Microsoft took the unusual step of highlighting the Server service flaw as the most critical of 16 critical bugs patched Tuesday. In an entry to the Microsoft Security Response Center's official blog, the team called out the vulnerability as first among equals.

"While we always recommend applying any updates rated "Critical" as soon as possible, we are recommending that customers give priority to MS06-040 for testing and deployment due to technical specifics around the vulnerability," the MSRC advised.

1 of 2
Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
Increasing IT Agility and Speed To Drive Business Growth
Learn about the steps you'll need to take to transform your IT operation and culture into an agile organization that supports business-driving initiatives.
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.