/>
X

Worm surge exploits Microsoft vulnerability

Both US-CERT and security organization F-Secure have issued warnings, urging IT professionals to apply a Microsoft patch.
colin-barker.jpg
Written by Colin Barker on
Business systems are being attacked by a worm exploiting a known Microsoft vulnerability, IT security experts have warned.

Both US-CERT and security organization F-Secure have issued warnings, urging IT professionals to apply the Microsoft patch.

The malware attacks the vulnerability outlined in MS08-067, a Windows Server service flaw that was patched in October. The worm launches a dictionary attack to attempt to crack user passwords, and uses server-side polymorphism and modification to the Access Control Lists (ACL) "to make network disinfection particularly difficult", F-Secure said in a blog post.

A sign of infection is that user accounts get locked out of the Active Directory domain as the worm tries to crack passwords, said F-Secure.

A removal tool is available at the F-Secure website, as is a detailed description of the malware F-Secure calls Downadup.AL.

Related

Why you should really stop charging your phone overnight
iphone-charging.jpg

Why you should really stop charging your phone overnight

iPhone
Samsung phone deal: Get the Galaxy S22 Ultra for $299
1296x729-29

Samsung phone deal: Get the Galaxy S22 Ultra for $299

Smartphones
The best iPhone deals available right now: July 2022
iphone 12 vs iphone 11 cnet.jpg

The best iPhone deals available right now: July 2022

iPhone