Aust companies warned to patch

According to reports, the latest security bulletin is one of more than 20 fixes and security patches that have been released by Microsoft since July.

John Donovan, managing director at security vendor Symantec Australia, said that people needed to patch once again, before someone potentially writes another exploit.

“It's a fairly forceful, balanced message”, the company was trying to get across to people, Donovan said.

He said that the amount of time between the discovery of vulnerability and the release of an exploit was shrinking, with the recent Blaster worm taking only two weeks before an exploit was released.

The number of higher-level alerts the vendor issues had also increased over recent months. ”There were three level four and one level three worm attacks within an eight day period,” Donovan said. “Generally we would see about one level four attack every six months.”

Symantec's security response team has raised its ThreatCon rating from a level one to a level two, for the three vulnerabilities discovered in Windows RPC DCOM subsystem. “The Blaster/Welchia worms took advantage of a similar vulnerability -– the Microsoft RPC DCOM Interface Buffer Overrun vulnerability announced in July 2003,” the company said in a statement.

The vendor said it hadn't seen any exploit targeting the latest vulnerability in widespread public distribution. “However, given the attention that the Microsoft RPC DCOM subsystem has received from the security community in recent weeks, Symantec Security Response believes that a working exploit may be launched in the near future,” it stated.

Symantec also warned that systems that had been patched against the Blaster/Welchia worms were still exposed to the new vulnerabilities.