Experts Ratchet Up Windows Worm Warnings

The bug in question is one of 23 patched Tuesday by Microsoft. It affects all currently supported versions of Windows, can be exploited without end users needing to do anything, and according to some security watchers, rivals the bug that led to 2003's destructive MSBlast attack.
"There will be a lot of [attacker] activity around this, but we'll have to watch how this matures in the next few days to know whether a worm's probable." nCircle's Murray was more sure.

"We'll see proof-of-concept code that takes over the system within 48 hours," Murray said.

"It's only a matter of time or luck before this turns into the scale of MSBlast. Essentially, every Windows system is vulnerable. This is one of those worst-case 'pull the plug on the Ethernet cable' events."

Exploits have also been released for commercial customers of Core Security's Core Impact testing tool and Immunity 's Canvas software, Dunham noted.

Early Thursday, Christopher Budd, security program manager at Microsoft's Security Response Center (MSRC), affirmed the company's patch-now stance on MS06-040. "We've got our Emergency Response process teams watching for any possible malicious activity," wrote Budd on the center's blog. More than 100 million copies of the MS06-040 patch were downloaded in the first 30 hours after its Tuesday release, he added.

The next two to four days should tell the tale of the bug.

"It's very important to patch right now," said Dunham, "because most exploits are developed in the first week after the vulnerability is disclosed. It not by then, then four or five days later, but by then most people are patched."

"This is the real thing," said Murray. "It's not a false alarm."

The Windows 2000, XP, and Server 2003 patches for the MS06-040 Server service flaw can be obtained via Microsoft and Windows Update services, or directly from this Microsoft site. Additionally, on Wednesday eEye Digital Security posted a free-of-charge tool that scans networks and its Windows systems to identify those at risk. The tool can be downloaded from here.

Editor's Choice
Samuel Greengard, Contributing Reporter
Cynthia Harvey, Freelance Journalist, InformationWeek
Carrie Pallardy, Contributing Reporter
John Edwards, Technology Journalist & Author
Astrid Gobardhan, Data Privacy Officer, VFS Global
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing