Microsoft learns of successful RPC worm infections

Microsoft said a number of customers are infected with worms that successfully exploit the RPC flaw and download malware.

It's been more than a month since Microsoft issued an emergency out-of-band patch to fix a remote call procedure (RPC) flaw, but the software maker says some companies are learning the hard way by failing to deploy the update.

SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Microsoft said it has received a "string of reports from customers" saying that they have been infected by a new worm, a backdoor Trojan family that exploits the RPC flaw and then attempts to connect to an IRC server to download more malware and receive additional commands from an attacker.

"We continue to urge customers to deploy the update and make sure their security software is updated with the latest signatures," said Bill Sisk, response communication manager for the Microsoft Security Response Center (MSRC), in an update on MS08-067 emergency patch on the MSRC blog.

Microsoft issued the emergency patch Oct. 23, repairing the vulnerability which left Windows systems dangerously open to attack. It was only the fourth time that Microsoft released a security patch outside of its monthly cycle.

The software maker was worried that attackers could craft a wormable exploit. Within hours after the patch release, security researchers reported the discovery of the first Trojans in the wild attempting to exploit the flaw.

Dig deeper on Malware, Viruses, Trojans and Spyware

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close