Microsoft releases critical patch – Trojan virus on the loose

24 Oct 2008

Microsoft last night released a critical patch separate to its usual patch cycle to counter a significant new virus threat similar to the MSBlaster worm outbreak. Users are urged to take immediate action.

The new patch, MS08-067, is outside Microsoft’s normal patch cycle, which infers that the software giant is concerned about the threat.

Sophos has warned of a new Windows virus called Troj/Gimmiv-A that installs itself in a registry and can send information about the infected computer to a remote website, including information about what anti-virus product is being run.

“The vulnerability could allow an attacker without authentication to remotely run arbitrary code using a specially crafted RPC request on Microsoft Windows 2000, Windows XP and Windows Server 2003 systems,” said security expert, Brian Honan of BH Consulting.

“This is similar in nature to how the MSBlaster worm propagated throughout the internet and this vulnerability could be used in the same way. Microsoft have reported that it has seen live targeted attacks on some customer systems using this vulnerability.”

Honan said no details have emerged yet on the impact of the worm, but said that internet security monitory, Storm Center, has changed InfoCON to yellow as of last night, which means it is currently tracking a significant new threat.

“If Microsoft feel that this is critical enough to warrant an out-of-cycle patch, then it is important that we all test and apply the patch as soon as possible,” Honan said.

By John Kennedy

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com