First worms exploiting MS08-067 are in the wild.


If you don’t remember what MS08-067 is, it’s the emergency “out of band” update that Microsoft released on October 23, 2008.  Not even two weeks later, the first worms that take advantage of this vulnerability are out in the wild.

Internet Storm Center is reporting that the first worm appeared this weekend.  F-Secure, Sophos Antivirus, and Microsoft Antivirus are able to detect this worm.  If you are running Snort rules, Snort is able to detect the worm as well.

According to Snort, the worm actually triggers rules for two Microsoft security bulletins.  It triggers on MS08-067, the vulnerability that was just released, and it also triggers on MS06-040, which was a vulnerability for Microsoft Windows 2000/XP/2003 that was released in August of 2006.

This means that if you haven’t patched your computer for that vulnerability, then this worm can still get through to you.  The bright side of the coin is that if you are running Snort’s detection rules, you were protected from this first worm already.  But it’s time to update the rules, and it’s most definitely PAST time to update your computer with Windows Update (or Microsoft Update).

What you need to worry about more than anything is that as of today, only three antivirus programs are detecting this.  However, if your antivirus updates today, there’s a slim chance that it will recognize the worm.  Watch the Internet Storm Center for more information as companies start releasing signatures for it. I’ll post updates as I receive them as well.

Also, if you want to see how your computer stands up to Microsoft’s security advice, I highly recommend their Microsoft Baseline Security Analyzer, which is located here and can be downloaded from here.

Have a great day:)

Patrick.
