Microsoft: Customers play "Russian roulette" with their systems
Roger Halbheer, Microsoft EMEA's chief security advisor, says Microsoft security support was at its limits over the new year. This was due to an outbreak of a new variant of the Conficker worm, which has been known since October 2008 to be exploiting a vulnerability in the RPC server in Windows. Although Microsoft issued an "out of band" security update (MS08-067) at the end of October, it seems many customers have still not installed it.
Halbheer said, "Unfortunately there are still plenty of customers playing Russian Roulette with their network". While the worm is not widespread, where it has struck it has caused serious damage, with account lockouts and the administrator password taken. In the closing days of 2008, Conficker.B broke out; again it did not spread widely, but it did similar damage. Halbheer says, "we had some really upset engineers as they had to work, instead of having the holidays off, because some customers had not bothered with the update".
Halbheer also noted that some Windows NT systems were infected, but with support for NT 4 having ended in 2004, there is no patch for the issue. He advises that NT and NT embedded systems should be isolated and that customers work with vendors to migrate away from that platform.
Elsewhere, F-Secure noted several reports of new infections with Conficker and is providing a free removal tool for the worm. However, this tool is only of use if it is possible to then apply the MS08-067 patch. It is also possible for Conficker to be spread via USB memory sticks.
- Microsoft patches critical hole in its RPC service, heise Security report
- Windows worm infection accelerates, heise Security report