Vista SP1 and XP SP3 Vulnerability Hit by Malware

Microsoft issued a warning related to the detection of new examples of malicious code in attacks attempting to exploit a vulnerability affecting various Windows client and server releases. In October, the Redmond giant put out an out-of-band security patch designed to plug a vulnerability residing in the Server Service on Windows systems. According to the company, a successful exploit of the security flaw would lead to remote code execution. The patch was released on October 23, 2008, and will render attacks useless.

“We have seen some new pieces of malware attempting to exploit this vulnerability this week. And while so far, none of these attacks are the broad, fast-moving, self-replicating attacks people usually think of when they hear the word ‘worm,’ they do underscore the importance of deploying this update if you haven’t already,” revealed Security Response Communications Lead, Christopher Budd.

Budd indicated that Microsoft was seeing consistent deployments of the MS08-067 patch, and urged customers that had failed to update so far to do so as soon as possible. At the same time, Microsoft provided a list of malware built to exploit the Server Service vulnerability, including:

Trojan:Win32/Wecorl.A;
Trojan:Win32/Wecorl.B;
Trojan:Win32/Clort.A;
Trojan:Win32/Clort.A!exploit;
Trojan:Win32/Clort.A.dr;
TrojanDownloader:Win32/VB.CQ
and
TrojanDownloader:Win32/VB.CJ.

“None of these are broad, fast-moving, self-replicating attacks. They’re similar to the original attacks we detected, in that they focus on loading malware onto vulnerable system. They’re also similar in that the overall scope of these attacks is very limited. The largest of these attacks are those associated with Clort family and we’ve seen well below fifty attacks worldwide,” Budd said, adding that Microsoft was only aware of limited attacks attempting to exploit the vulnerability, and not of a widespread threat.

Tags: malware, Microsoft, Remote, service, SP1, trojan, trojan win32, TrojanDownloader, trojandownloader win32, vista sp1, warning, Windows, worm, xp sp3

This entry was posted on Thursday, November 6th, 2008 at 5:18 pm and is filed under Windows Vista, Windows XP. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Related posts

• Network Access Protection for XP SP3 and Vista SP1 (1)
• XP SP3 and Vista SP1 Share New Critical Vulnerabilities (1)
• Windows XP SP3 Release Candidate RC2 (0)
• Slipstream IE8 into Vista SP1 Images, but Not into XP SP3 (0)
• From XP SP3 and VistaSP1/SP2 to Windows 7 (0)
• XP SP3, Some Problems Emerge (2)
• XP SP3 RTM and Vista SP1 RTM (1)
• XP SP3 Installation Failure Errors (0)
• XP SP3 and Vista SP1 Will Own Linux-Free Desktops until Windows 7 (1)
• Windows XP SP3 RTM Multilingual User Interface (MUI) Pack (11)
• Windows Vista: An FAQ for Nonprofits (0)
• Windows Vista SP1 Volume Licensing (0)
• Windows Vista SP1 Standalone Packages (0)
• Windows Vista and Malware Immunity (0)
• Windows Service Pack Blocker Tool (0)
• Windows PowerShell 2 CTP3 (0)
• Windows PowerShell 1.0 for XP SP3 (0)
• Windows Media Player Infection Sends Users to QuickTime (0)
• Windows Malicious Software Removal Tool (1)
• Windows Defender for vista (0)