Claims McAfee

Nov 27, 2008 17:52 GMT

First Microsoft and now McAfee are warning Windows users to speed up deployment of the patch for a Critical vulnerability in the Server service that affects both client and server versions of the operating system.

According to the Redmond company, all supported platforms are vulnerable, including Windows 2000, Windows XP (even SP3), Windows Vista RTM/SP1, Windows Server 2003, Windows Server 2008 and Windows 7. McAfee has indicated that users who have not deployed the patch are vulnerable, while Microsoft has already reported that it has detected active attacks and infections in the wild, following a period in which exploits were used only in targeted attacks.

Users and their “machines are sitting ducks for attacks such as MS08-067, which we learned about from Microsoft last month. This type of attack is especially dangerous if your Windows Updates or security products are not up to date. Microsoft released its out-of-cycle emergency patch on the 23rd of October - more than one month ago - so you have no excuse today for being at risk,” stated McAfee security researcher Alex Hinchliffe.

As Microsoft did, McAfee warned that it had detected the Conficker worm associated with exploits targeting this vulnerability. Conficker not only infects vulnerable operating systems lacking the MS08-067 security update, but also patches those copies of Windows so that additional malware is unable to exploit the same security hole.

“Once loaded in the service space, the worm attempts to download files from the Internet - specifically, further malware from trafficconverter.biz and data files from maxmind.com. The worm continues by setting up an HTTP server that listens on a random port on the victim’s system while hosting a copy of the worm. It then scans for new vulnerable victims to exploit, at which point the new victim will download the worm from the previous victim and so on,” Hinchliffe added.
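The stages in the description above (outbound downloads, a copy of the worm served over HTTP on a random port, scanning for new victims) can be correlated per host in network flow logs. The Python below is an added example, not part of the original article or of McAfee's tooling; the flow-record format, the 10.0.0.0/8 address space, TCP port 445 as the Server service transport, the weights and the thresholds are assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import defaultdict

# Indicator weights (assumption): only the malware host is decisive by itself;
# maxmind.com is a legitimate GeoIP service, so it is a weak signal alone.
WEIGHTS = {"malware-download": 2, "geoip-lookup": 1,
           "smb-scan": 1, "peer-http-server": 1}
DOMAINS = {"trafficconverter.biz": "malware-download",
           "maxmind.com": "geoip-lookup"}  # both named in the quoted description
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumption: site address space
SMB_PORT = 445    # assumption: Server service exploit attempts arrive over SMB
SCAN_FANOUT = 5   # assumption: distinct internal SMB targets that count as a scan
HIGH_PORT = 1024  # assumption: a "random port" is outside the well-known range

# Constructed flow records: "src dst dport http_host" ("-" when not HTTP).
SAMPLE_FLOWS = """\
10.0.0.21 203.0.113.10 80 trafficconverter.biz
10.0.0.21 203.0.113.20 80 www.maxmind.com
10.0.0.21 10.0.0.30 445 -
10.0.0.21 10.0.0.31 445 -
10.0.0.21 10.0.0.32 445 -
10.0.0.21 10.0.0.33 445 -
10.0.0.21 10.0.0.34 445 -
10.0.0.30 10.0.0.21 4627 10.0.0.21
10.0.0.30 203.0.113.10 80 trafficconverter.biz
10.0.0.40 203.0.113.20 80 www.maxmind.com
10.0.0.50 10.0.0.60 445 -
"""

def internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL_NET

def find_suspects(flow_text, threshold=2):
    """Return {host: sorted indicator names} for hosts scoring >= threshold."""
    tags, smb_targets = defaultdict(set), defaultdict(set)
    for line in flow_text.splitlines():
        src, dst, dport, host = line.split()
        dport = int(dport)
        for domain, tag in DOMAINS.items():        # download stage
            if host == domain or host.endswith("." + domain):
                tags[src].add(tag)
        if dport == SMB_PORT and internal(dst):    # scanning stage
            smb_targets[src].add(dst)
        if host != "-" and internal(src) and internal(dst) and dport >= HIGH_PORT:
            tags[dst].add("peer-http-server")      # a peer fetched a hosted copy
    for src, targets in smb_targets.items():
        if len(targets) >= SCAN_FANOUT:
            tags[src].add("smb-scan")
    return {h: sorted(t) for h, t in tags.items()
            if sum(WEIGHTS[x] for x in t) >= threshold}
```

Calling `find_suspects(SAMPLE_FLOWS)` flags 10.0.0.21 and 10.0.0.30; a host that only contacts maxmind.com, or makes a single SMB connection, stays below the threshold.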