News

Conficker Worm Still Wreaking Havoc on Windows Systems

Users of Windows Server service that haven't patched a previously disclosed worm hole (MS08-067) are taking a big risk.

Users of Windows Server service that haven't patched a previously disclosed worm hole (MS08-067) are taking a big risk. More and more enterprises continue to get hit by a Conficker worm variant, according to Roger Halbheer, chief security adviser for Microsoft's Europe, Middle East and Africa Group, in a blog post on Wednesday.

Microsoft on Tuesday released its January security update. However, the company is still trying to get Windows pros to fix an issue that first appeared as an out-of-band bulletin back in October. That patch was supposed to take care of a remote code execution (RCE) exploit in remote procedure call requests (RPC) that could affect a whole network if harnessed by hackers.

These stepped-up warnings from Microsoft come after independent ITSec shop Panda Security said in several reports that Windows users haven't seen the last of the RCE exploit. Both Panda and Symantec officials have said they've seen increased attacks, as well as a growth in malware, deriving from Conficker attacks.

In cases where the security patch hasn't been applied, Conficker-type bugs can ding Windows-based PCs with malicious RPC packets. Specifically, the bug allows corrupt subroutines on a network to be executed automatically. The worm can affect Windows 2000, XP and Vista operating systems, as well as Windows Servers 2003 and 2008.

Because this month's patch cycle was so thin, now might be the moment to look seriously at the October fix, experts say.

"For administrators who failed to patch the RPC vulnerability that was reported back in October 2008, this is the best time to go back and patch the issue," said Paul Henry, security and forensic analyst for endpoint security outfit Lumension. "Security experts are starting to see new variants appearing in the wild for this. We're seeing more widespread use of the vulnerability today than we did back in October."

The fact that so many Windows systems seem to be at risk raises questions about security patch turnaround times in the enterprise. A Qualys survey found that more than 50 percent of machines get patched after approximately 30 days.

"After that period, we see the patch rates go down and the overall number of machines that are attackable only slowly diminishing," said Wolfgang Kandek, chief technology officer of Qualys Inc. "Unfortunately this leaves enough machines to be exploited by the "Conficker" worm types even today, over 45 days later."

Kandek sees a general lack of alarm among IT pros.

"We would have liked to see a faster reaction by the computer users given the significance of the patch but there still seems to be a barrier to reach everybody and make them understand the urgency of patching."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

comments powered by Disqus

Featured

  • Vendors Update Controls for .NET Core 3.1, Blazor

    This week saw two third-party vendors of dev tools -- UX and UI toolkits and controls -- release new offerings that include support for two of Microsoft's main open source frameworks, the cross-platform .NET Core 3.1 and Blazor, which allows for creating browser-based web applications with C# instead of JavaScript.

  • C++ Is Focus of New Visual Studio 2019 v16.7 Preview 2

    C++ development is a focus point of the new Visual Studio 2019 v16.7 Preview 2, featuring a slew of tweaks and improvements touching upon remote SSH connections, IntelliSense support and more.

  • Clustering Non-Numeric Data Using C#

    Clustering non-numeric -- or categorial -- data is surprisingly difficult, but it's explained here by resident data scientist Dr. James McCaffrey of Microsoft Research, who provides all the code you need for a complete system using an algorithm based on a metric called category utility (CU), a measure how much information you gain by clustering.

  • So What's Up with Microsoft's (and Everyone Else's) Love of Rust?

    Microsoft already stewards several popular programming languages -- C#, TypeScript, F# -- so what's up with its love of Rust, along with the rest of the world?

  • C# Steps Up Programming Language Popularity Ladder

    Microsoft's C# programming language climbed a year-over-year notch on the TIOBE Index, which measures popularity among developers.

.NET Insight

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.

Upcoming Events