Microsoft Tuesday issued a patch for a critical vulnerability in Windows Server services, and the Department of Homeland Security warned that the weakness could put the nation's infrastructure at risk.
Windows Operating Systems users are encouraged to avoid delay in applying this security patch. Attempts to exploit vulnerabilities in operating systems routinely occur within 24 hours of the release of a security patch. This vulnerability could impact government systems, private industry and critical infrastructure, as well as individual and home users.
Microsoft emphasized the importance of installing this patch. Christopher Budd, a security program manager with Microsoft's security response center, said: "The top thing that we're trying to help people understand is we want them to take 06-040 and put it at the top of the stack."
According to a news report:
Attackers have already started exploiting the vulnerability in a limited manner, Budd said. A sample exploit has been published within Immunity's security testing toolkit and snippets of the malware are beginning to circulate in public, security vendors said.
The bug is of particular concern because Windows Server services are generally enabled by default on Windows systems, and a worm based on the flaw could end up being widespread. Windows Server services are used for common network applications like file sharing and printing.