Government technology teams and contractors were scrambling late Thursday and Friday to apply an urgent Microsoft security patch which was released "out-of-band" (or outside the normal "patch Tuesday" schedule).
The Microsoft website offered details of how to get the updates.
Computerworld offered two stories related to the critical new vulnerability. The first story described attack code for critical Microsoft bug, and another article released on Saturday described how the Gimmiv worm feeds on latest Microsoft bug.
Microsoft released the patch two weeks prior to the normal schedule, since they were seeing active attacks on the Internet. According to Computerworld:
"Both Symantec and McAfee Inc. said today that they had seen only a very small number of attacks based on this exploit, but Symantec says that, starting yesterday evening, it found a 25% jump in network scans looking for potentially vulnerable machines. That could be a sign that more attacks are coming.
That scenario becomes more likely, too, as more tools that exploit the flaw are released to the public. Sample exploit code was posted to the Milw0rm.com hacker site today, and over the next few days hackers are expected to move that code into attack tools that are easy to use."
Some experts were predicting that the attack code will soon be used to build botnets with infected computers. What is clear is that all governments need to respond immediately and apply the patch, if they haven't already done so last week.
Has anyone seen this attack on their networks?
Leave a comment