Microsoft issues an out-of-cycle patch to fix a flaw being exploited by hackers. The vulnerability lies in the Server service and affects users of Microsoft Windows 2000, Windows XP, Windows Server 2003 and Windows Vista.
With hackers at the door, Microsoft released a critical security fix for a
remote code execution flaw in the Server
The vulnerability is caused by the Server service failing to properly handle
specially crafted RPC (remote procedure call) requests. The Server service
provides RPC support, file and print support, and named pipe sharing over the
According to Microsoft, attackers have already begun limited, targeted
attacks to exploit the vulnerability. If successful, an attacker could take
control of a compromised system. In addition to the patch, Microsoft officials
confirmed the attack can be blocked using the Windows firewall, which in an
out-of-the-box scenario blocks the hacker from reaching the RPC interface.
"It is possible that this vulnerability could be used in the crafting of a
wormable exploit," Microsoft warned in the bulletin. "Firewall best practices
and standard default firewall configurations can help protect network resources
from attacks that originate outside the enterprise perimeter."
The issue affects users of Microsoft Windows 2000, Windows XP and Windows
Vista, as well as Windows Server 2003 and Server 2008.
On Windows 2000, XP and Windows Server 2003, any anonymous user with access
to the target network could deliver a specially crafted network packet to
exploit the vulnerability. However, on Windows Vista and Windows Server 2008
systems, only an authenticated user with access to the target network can
deliver the packet.
The release comes less than two weeks after Microsoft's monthly
, which featured 11 security bulletins.
"In normal situations, administrators could typically test the patch against
their production network to ensure the patch does not break any functionality,"
said Jason Miller, security data team manager at Shavlik
Technologies. "But in this situation, administrators should patch this
vulnerability immediately to their servers and workstations."