Blaster/Lovsan worm spreading rapidly

Windows users have been warned of a fast-spreading worm which uses a documented Remote Procedure Call (RPC) buffer overrun vulnerability to take control of PCs.

The malicious code, dubbed Worm/Lovsan.A, discovered yesterday, attempts to exploit a documented vulnerability in Microsoft's Windows Distributed Component Object Model RPC interface.

The worm is also known as Blaster. It is spreading quickly to thousands of machines around the globe, according to initial reports from Network Associates customers.

It takes over compromised PCs through the RPC buffer overrun security hole in unpatched Microsoft Windows NT, Windows 2000, Windows XP and Windows Server 2003 operating systems.

Once the victim machine is infected a hacker can execute any code on it.

The TCP ports directly affected by this exploit include 135. Worm/Lovsan.A will download and run the file msblast.exe using the Trivial File Transfer Protocol.

"Unfortunately, unpatched systems are again proving to be a vector for fast-spreading internet-based worms," said Steven Sundermeier, vice president of products and services at Central Command.

"Updating antivirus software and patching systems against the latest exploits and vulnerabilities should become standard habit."

Further advice on the worm and patches for it are available from Microsoft here.