Microsoft has gone outside their usual patch release schedule and has released an emergency patch which everyone running affected versions of Windows is urged to get and install immediately.
The Windows emergency patch is designed to thwart a potential worm which criminals are already said to be using to take over unsuspecting Windows users’ machines. Windows XP, Windows 2000 (“Win 2k”) and Windows Server 2003 are particularly at risk from this worm. Windows Vista and Windows Server 2008 are vulnerable, but their additional requirements for authentication make them slightly less at risk.
According to Microsoft, “If successfully exploited, an attacker could then install programs or view, change, or delete data; or create new accounts with full user rights.”
Microsoft discovered the exploit on their own systems, and is hoping to thwart its turning into a full-blown attack on users in the public sector. According to Andrew Storms, Director of Security Operations at nCircle, who was briefed on the exploit, “The exploits that Microsoft found were found on systems running their Microsoft security software. This is how they became aware of it.”