24 Oct 2008
Microsoft has issued a 'critical' fix for Windows users following reports of targeted attacks against a vulnerability in the server component for all currently supported versions of Windows and Windows Server.
An attacker could exploit the flaw by sending a specially-crafted Remote Procedure Call packet. A successful exploit would allow the attacker to remotely execute code on the target system.
The reported attacks are believed to be targeted and not widespread, but Microsoft is releasing a fix for the flaw through its automatic update services.
The bulletin is rated 'critical' for all versions of Windows and Windows server with the exception of Windows Vista and Server 2008, which carry a less severe 'important' risk due to protections which limit the attack to authenticated users.
Microsoft normally prefers to release all security updates as a single download on the second Tuesday of each month. When in-the-wild attacks occur, however, the company will sometimes release unscheduled 'out of cycle' security fixes.
Part of the risk, according to experts, comes from the dangerous nature of the vulnerability. Because it can be exploited without any user interaction, a malware infection could spread silently among millions of computers without detection.
Security firm Lumensia issued a statement urging users and administrators to update their systems as soon as possible.
"An exploit designed around this vulnerability can propagate without user interaction from machine to machine, similar to worms from years ago such as Code Red and Nimda," said the company.
"As this security update addresses a vulnerability that is currently being exploited, IT administrators should take immediate action to patch it."
Users can obtain the fix via the Microsoft Update or Windows Update components, or through the company's direct download site.
Latest stories from Security
Related videos
Related articles
Related jobs
Poll
What will be the biggest change to corporate technology in the future?
TFL director of Games transport Mark Evers discusses how the public transport network is preparing for this summer's event
Connect with V3.co.uk
The wrong printers, for the wrong tasks on the wrong contracts
Who leads the BI pack and who should we be watching out for?
HTML, CSS, Flash - Web Content Editor - Photoshop, Dreamweaver...
Biomass Programme Manager/Engineering/Supply Chain/Heavy...
Head of Compliance My client is currently seeking...
THis role is working for a multi national Financial organisation...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?