Microsoft Windows Server RPC bug finds new way to spread

By
Follow google news

Exploits taking advantage of a Windows Server Service vulnerability still are running rampant, nearly 1-1/2 months after Microsoft delivered an emergency fix, according to researchers.


Exploits taking advantage of a Windows Server Service vulnerability still are running rampant, nearly 1-1/2 months after Microsoft delivered an emergency fix, researchers said Friday.

Symantec, over the holidays, spotted another round of infections in the form of a worm known as W32.Downadup. Microsoft is terming the malware Win32/Conficker.

The latest variant finds a new way to take advantage of the highly critical bug, which involves the Remote Procedure Call (RPC) protocol, Symantec researchers said on Friday. In prior attacks, an attacker could execute remote code by sending a specially crafted RPC request.

However, the new exploit "can also spread through corporate networks by infecting USB sticks and accessing weak passwords," Symantec's Security Response department said in a forum post.

"W32.Downadup.B creates an autorun.inf file on all mapped drives so that the threat automatically executes when the drive is accessed," according to Symantec. "The threat then monitors for drives that are connected to the compromised computer in order to create an autorun.inf file as soon as the drive becomes accessible."

On Oct. 23, Microsoft delivered a rare, out-of-cycle patch for the flaw, which was being actively exploited in targeted attacks.

Matt McCormack of the company's Malware Protection Center wrote on Dec. 31 that researchers have detected a new outbreak of the attack, mostly on machines that have yet to apply the patch.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
bugmicrosoftsecurityserversymantecwindows

Sponsored Whitepapers

Migrate enterprise workloads with confidence
Migrate enterprise workloads with confidence
The cloud tipping point
The cloud tipping point
How AI will deliver real business value
How AI will deliver real business value
The multicloud imperative
The multicloud imperative
Your multicloud advantage
Your multicloud advantage

Events

Most Read Articles

Labor bets on agency to monitor AI companies

Labor bets on agency to monitor AI companies
WA man jailed for at least five years for evil twin attack

WA man jailed for at least five years for evil twin attack
Startup finds flaws in popular VoIP products

Startup finds flaws in popular VoIP products
Bendigo Bank taps Google Cloud for first major AI project

Bendigo Bank taps Google Cloud for first major AI project
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?