In association with heise online

14 August 2006, 09:35

Microsoft warns of malicious code for Server service vulnerability

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Following the publication of warnings by a number of security institutions over the last week, Microsoft has now issued a security bulletin, in which the company warns of published malicious code for the vulnerability in the Server service. Security experts in Redmond have examined the exploit code and come to the conclusion that the code only functions in Windows 2000 and Windows XP with service pack 1.

Microsoft knows only of small, targeted attacks which have exploited this vulnerability. No large scale attacks have yet been discovered. The Internet Storm Center has, however, discovered that Windows 2000 servers are actively being attacked. The attackers appear to be trying to build a botnet.

The Microsoft security bulletin once more recommends applying the available patch. Where this is not possible, ports 139 and 445 should be protected by using either a firewall or IPsec. Administrators of Windows 2000 systems should where necessary configure the inbuilt TCP/IP filter appropriately.

F-Secure has also identified malicious code which is spreading using this vulnerability. It is called Mocbot ( and is an IRCbot. LURHQ gives further details.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit