Want CNET to notify you of price drops and the latest stories?

Microsoft on worm watch

Code that exploits a serious Windows flaw is published on the Net, increasing the chance of a worm attack.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
Joris Evers
2 min read
Computer code that takes advantage of a serious Windows flaw has been published on the Internet, increasing the chance of a worm attack.

The release of the attack code, which exploits a security hole in a Windows component related to file and printer sharing, also raises the urgency to patch. Microsoft provided a fix for the problem on Tuesday with security bulletin MS06-040. Tens of millions of Windows users have already downloaded that fix, Microsoft's Security Response Team said on a corporate blog earlier this week.

While the vulnerability affects all versions of Windows, the published exploit code works only on Windows 2000 and Windows XP Service Pack 1, Microsoft said in a security advisory published on Friday.

"This code does not affect Windows XP Service Pack 2, Windows Server 2003 or Windows Server 2003 Service Pack 1," it said.

So far, Microsoft has only seen limited use of the flaw in cyberattacks. Security experts have said that it could be exploited by an Internet worm similar in scope to Blaster, which wreaked havoc three years ago.

Microsoft's emergency response team is on worm watch, the company said.

"We have not seen signs of widespread malicious activity so far. But be assured that, like we always do, we've got our emergency response process teams watching for any possible malicious activity," Christopher Budd, security program manager at Microsoft, wrote on the Microsoft blog Wednesday.

Some security experts, however, don't expect a high-profile worm attack. "A fully automated 'big bang' type worm is increasingly unlikely in an Internet world where under-the-radar attacks take place for criminal gain," said Ken Dunham, director of the rapid response team at security company iDefense.

Instead, Dunham predicts that we will see Trojan horses and semi-automated malicious code attacks that exploit the Windows flaw in such a way that attackers can profit.

"Hacker activity has been light for the MS06-040 exploitation to date but will likely increase with the advent of this coming weekend," Dunham said, adding that all computers connected to the Internet should be patched as soon as possible.

Meanwhile, Microsoft has also verified that the MS06-040 security update works and that patched computers are not at risk from the exploit code. The fix is available via the Windows Update and Automatic Updates tools as well as on Microsoft's Web site.

A day after Microsoft released its fixes, the U.S. Department of Homeland Security issued a rare alert urging Windows users to plug the potential worm hole in the operating system. "Users are encouraged to avoid delay in applying this security patch," the Department of Homeland Security said in the statement.