Security experts warn of Windows worm

Fears are growing of a new Windows worm after security companies reported that exploit code is already circulating for three Microsoft patches released on Tuesday.

Within 24 hours of the patches coming out Symantec's DeepSight Threat Management System issued an alert over patch MS05-051. The security firm has issued a signature for its intrusion detection systems.

"The DeepSight Threat Analyst Team has created the signature to detect attempts to bind to the MSDTC RPC interface," said Symantec in a statement. "It has been successfully tested against a client communicating with the interface. "

At the same time, security testing firm Immunity announced that it had developed exploit code for three Microsoft patches. 

The code has only been shared with trusted partners and is intended as proof-of-concept only. Nevertheless its quick creation has worried many in the industry.

"It is always hard to predict these things, especially with worm outbreaks," said Graham Cluley, senior technology correspondent at Sophos.

"But one group has done this, and others will too. It is not too hard to reverse-engineer a patch by looking at what Microsoft has done, and there were some serious patches in this last batch."

Microsoft is advising IT administrators to patch as soon as possible. The advisories and patches are available here:

• DirectX versions 7.0 to 8.1
• Internet Explorer 5.01 to 6.0
• MSDTC and Com+ components 

See also:

Microsoft pulls critical security patch

Undisclosed security vulnerability to remain unpatched  12 Sep 2005

Experts divided on Microsoft worm threat

Optimists v pessimists  18 Aug 2005

Windows worm knocks down corporations

Some firms forced to undust their old typewriters  17 Aug 2005

Like this story? Spread the news by clicking below:

 del.icio.us     Digg this     reddit!