Major Windows worm attack 'imminent'

Latest Windows vulnerability could allow complete control of an affected system

Security firm nCircle has warned of an imminent worm attack that is likely to exploit a vulnerability patched by Microsoft last week in the MS06-040 security bulletin. 

The US Department of Homeland Security last week took the unprecedented step of warning Windows users to install a new security patch issued by Microsoft. 

The warning followed an announcement by Microsoft that an attacker who exploited the vulnerability "could take complete control of an affected system" making it possible to install malicious programs or to change or delete data.

Owing to the nature of this particular Windows vulnerability, the imminent worm is likely to be widespread, fast-moving and could cause significant network downtime, nCircle believes.

"Peak infection could happen within hours. Many businesses will not be prepared for this worm unless they have installed the latest patch from Microsoft, a difficult feat given the short time between the patch release and exploit availability," the company said.

Minoo Hamilton, senior vulnerability researcher at nCircle, warned that malware creators are working overtime to make a worm out of this latest vulnerability in the Microsoft Windows Server service.

"When that happens, it will definitely test the ability of organisations to effectively patch and protect systems," stated nCircle.

"If effective propagation mechanisms are used, it could very well be on the scale of MSBlaster, and I would expect something any time from two weeks to two hours.

"This is as close to the worst-case scenario as we've seen in the past three years - a threat that is eminently wormable."