Search
Homepage Rankings and Research Companies Channelcast Marketing Matters CRNtv Events WOTC Cisco Partner Summit Digital 2020 Lenovo Tech World Newsroom HPE Zone The Business Continuity Center Masergy Zenith Partner Program Newsroom Dell Technologies Newsroom Fortinet Secure Network Hub Hitachi Vantara Digital Newsroom IBM Newsroom Juniper Newsroom The IoT Integrator Lenovo Channel-First NetApp Data Fabric Intel Tech Provider Zone

Microsoft Warns Of Attack Exploiting Windows Vulnerability

Microsoft researchers say that unlike other exploits, this Internet worm actually patches other vulnerabilities to prevent other malware from reaching users' computers.

worm

The worm has the potential to infect other computers across a network by exploiting a critical vulnerability in the Windows Server service.

Microsoft released an emergency patch last month repairing the error. However, if successfully exploited, the vulnerability could enable remote attackers to execute arbitrary code via a malicious file that would allow them to completely take control of a user's PC.

Microsoft researchers first detected attacks exploiting the vulnerability last week. Since then, the number of successful exploits grew to significant levels over the weekend. Researchers reported in a blog that they noticed that the malware "gained momentum" over the last two days, when they saw a significant increase in support calls.

Specifically, the worm deletes any use-created System Restore points, and attempts to contact numerous sites, including those of Google, Yahoo, MSN and ask.com, to obtain the current date, according to researchers at the SANS Institute. The worm then uses the date information to generate a list of domain names, which it then contacts in an attempt to download additional malicious files onto a user's affected computer.

The malware mostly spreads within businesses, however it has also been reported by individual home users, Microsoft said.

Unlike other exploits, the malware actually repairs an API vulnerability on users' unpatched computers.

"It is not that the malware authors care so much about the computer as they want to make sure that other malware will not take it over too," said Microsoft researchers in a blog post.

Reports of active exploits have come primarily from the U.S. However exploits have also been found in Germany, Spain, France, Italy, Taiwan, Japan, Brazil, Turkey, China, Mexico, Cana, Argentina and Chile.

To avoid being affected by the malware, experts recommend that its customers install the necessary update on their machines, which can be found on the Microsoft Web site.

Back to Top

Video

 

trending stories

sponsored resources