Article

Microsoft learns of successful RPC worm infections

SearchSecurity.com Staff

It's been more than a month since Microsoft issued an emergency out-of-band patch to fix a remote call procedure (RPC) flaw, but the software maker says some companies are learning the hard way by failing to deploy the update.

    Requires Free Membership to View

SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Microsoft said it has received a "string of reports from customers" saying that they have been infected by a new worm, a backdoor Trojan family that exploits the RPC flaw and then attempts to connect to an IRC server to download more malware and receive additional commands from an attacker.

"We continue to urge customers to deploy the update and make sure their security software is updated with the latest signatures," said Bill Sisk, response communication manager for the Microsoft Security Response Center (MSRC), in an update on MS08-067 emergency patch on the MSRC blog.

Microsoft issued the emergency patch Oct. 23, repairing the vulnerability which left Windows systems dangerously open to attack. It was only the fourth time that Microsoft released a security patch outside of its monthly cycle.

The software maker was worried that attackers could craft a wormable exploit. Within hours after the patch release, security researchers reported the discovery of the first Trojans in the wild attempting to exploit the flaw.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: