DHS: Apply the Microsoft Server service patch as soon as possible [Update]
The update accompanying security bulletin MS06-040 from the recent Microsoft patch day fixes a critical security vulnerability in the Server service, through which a worm similar to Sasser could spread. Malware that gains access to a computer through this vulnerability can take complete control with SYSTEM privileges. Security institutions therefore recommend installing the patch as soon as possible.
The US Department of Homeland Security (DHS) warns that the vulnerability in the service, which provides RPC support and disk and printer sharing, is already being actively exploited. The UK Government CERT UNIRAS has also issued a Technical Cyber Security Alert on this issue.
A worm that exploits this security vulnerability could cause considerable damage to company networks. The US security authorities are advising businesses and public institutions in particular to avoid any delay in rolling out the patch. Microsoft also recommends using a firewall to block ports 139 and 445. The security service provider eEye offers a free scanner that administrators can use to check whether the update has been successfully installed on computers on the network.
H. D. Moore, the main developer of the Metasploit project, has published an exploit module for the Metasploit framework. This module takes advantage of the security hole in the Server service. It is quite simple for programmers to create malware based on this demo exploit.