IT Security & Network Security News & Reviews - eWeek



IT Security & Network Security News

Microsoft Urges Patch but Downplays Security Vulnerability Reports


By: Brian Prince
2008-10-27
Article Rating:starstarstarstarstar / 2


There are  user comments on this IT Security & Network Security News & Reviews story.


In a post on the Microsoft Security Response Center blog, the company stresses the importance of the patch, but downplays media reports of a new worm and talk of exploits targeting a vulnerability in the Server service that was patched last week. According to Microsoft, the malware in question is a Trojan and was uncovered by the company during its initial investigation weeks ago.

Microsoft is downplaying reports of malware exploiting the critical security hole it patched last week.

On Oct. 23, the company released an emergency out-of-band patch for a vulnerability affecting the Server service. According to Microsoft, if the service receives a specially crafted RPC (remote procedure call) request, an attacker could exploit the vulnerability to run arbitrary code.

When Microsoft released the patch, it noted that there were limited attacks being launched by hackers to get users to install a data-stealing Trojan known as TrojanSpy:Win32/Gimmiv.A. This Trojan in turn drops another DLL detected as TrojanSpy:Win32/Gimmiv.A.dll.

While some media reports have called this a new worm, officials at Microsoft said the malware was uncovered during the company’s investigative process a few weeks ago and is a Trojan, not a self-replicating worm. The company still recommends, however, that users move quickly to deploy the patch.

“While deployments of the updates are happening quickly and relatively smoothly, and the threat environment hasn’t changed significantly since Thursday, we don’t want customers to take that as a sign to decrease their pace of, or even delay, deployments for this update,” said a post made Oct. 26 on the MSRC (Microsoft Security Response Center) blog. “This is a critical vulnerability that is being actively attacked, though so far in a limited, targeted fashion. Those were the reasons we released this out-of-band and it is because of this that we continue to urge customers to aggressively test and deploy this update as soon as possible.”

There are a few workarounds for the vulnerability as well. The Windows firewall can also defend against the vulnerability in a default setting. Also, disabling the Computer Browser and Server service on affected systems will prevent remote attacks, according to Microsoft’s advisory.

The out-of-band patch was a rarity for Microsoft. Typically, the company reserves security fixes for the second Tuesday of the month, popularly known as “Patch Tuesday.” The attacks, however, forced the company’s hand. In addition, proof-of-concept exploit code has been circulating the Web and is available on Milw0rm.

“In terms of the overall threat environment, we’ve not seen any major changes so far,” the MSRC blog said. “We are aware that people are working to develop reliable public exploit code for the vulnerability. We are aware of discussion about code posted on a public site, but our analysis has shown that code always results in a denial of service, to demonstrate the vulnerability. So far, we’ve not seen evidence of public, reliable exploit code showing code execution.”







 
 
>>> More IT Security & Network Security News & Reviews Articles          >>> More By Brian Prince
 


FEATURED SPONSOR VIDEOS

Benefits of Workload Optimization

What Smart Companies MUST Learn from Gaming

Advances in Authentication

Vertical Markets Benefit from Workload Optimization

View More Videos

Brought to you by
Advertisement

FEATURED SPONSOR MESSAGE

Microsoft Sponsored Resource Center

Increase Your Microsoft Office 365 Knowledge! Dig inside this suite of cloud-based collaboration tools.

Watch the video >>

Brought to you by

Suggested Related Content:

Articles Labs/How-To Multimedia


Advertisement
Contact Us | About | Advertise | Site Map
eWEEK Quick LInks

Security:
Enterprise Networking
Network Security
Infrastructure Security
How To: Data
Security Watch Blog
Storage:
Data Storage
Cloud Storage
Storage Virtualization
Network Access Storage
How To: Storage
Storage Station Blog
Computing:
Apple OSX
Linux Systems
Windows 7
Managed Print Services
Computer Reviews
Microsoft Watch Blog
Google Watch Blog
Communications:
VoIP Solutions
Wireless Technology
Messaging Software
Web Services
Apps & Development:
Application Development
Enterprise Apps
Search Engines
Database Software
Web 2.0
CIOs

Vertical Markets:
Federal Government IT
Health Care IT
Finance IT
Mid-Market
Channel and VARs
Careers Blog
More eWeek Links:
Green Computing Center
Tech Knowledge Center
Tech Newsletters
Tech RSS Feeds
White Papers
Tech Videos
Magazine Subscriptions
Enterprise Websites:
ZDE Home
eWeek
Baseline Magazine
Channel Insider
CIO Insight
eSeminars and Events
Web Buyers Guide
Developer Websites:
DevSource C# and .Net
Dev Shed
DeveloperShed
ASP Free
SEO Chat
Codewalkers
Tutorialized
Scripts.com
Dev Mechanic
Dev Articles
Web Hosters
Dev Hardware
Technology Websites:
Device Forge
Desktop Linux
Linux Devices
Windows for Devices
PDF Zone
Linux Watch
TechDirect
Windows Migration
Smarter Technology

Use of this site is governed by our Terms of Use and Privacy Policy
Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
ZDE Cluster 5
 
Close this advertisement