Microsoft warns of malicious code for Server service vulnerability
Following the publication of warnings by a number of security institutions over the last week, Microsoft has now issued a security bulletin, in which the company warns of published malicious code for the vulnerability in the Server service. Security experts in Redmond have examined the exploit code and come to the conclusion that the code only functions in Windows 2000 and Windows XP with service pack 1.
Microsoft knows only of small, targeted attacks which have exploited this vulnerability. No large scale attacks have yet been discovered. The Internet Storm Center has, however, discovered that Windows 2000 servers are actively being attacked. The attackers appear to be trying to build a botnet.
The Microsoft security bulletin once more recommends applying the available patch. Where this is not possible, ports 139 and 445 should be protected by using either a firewall or IPsec. Administrators of Windows 2000 systems should where necessary configure the inbuilt TCP/IP filter appropriately.
F-Secure has also identified malicious code which is spreading using this vulnerability. It is called Mocbot (Backdoor.Win32.IRCBot.st) and is an IRCbot. LURHQ gives further details.
- Exploit Code Published Affecting the Server Service, Microsoft security bulletin
(ehe)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
