Did you patch? Worm exploits Windows bug

A bug that Microsoft patched in a security release nearly two weeks ago, is actively being exploited by a worm.


F-Secure said that the just-released worm is based on the exploit code that had been posted online last week. nCircle's Storms agreed that's likely.

Symantec rated the worm as a 'Very Low' threat, although it maintained its ThreatCon, an all-around indicator of internet security, at '2' because Microsoft issued an emergency patch.

"It doesn't appear to be very widespread, although that could change, of course," said Haley.

Storms urged users who had not installed the MS08-067 update to do so immediately.

"The worm may not have many legs, but you should get ahead of the game and deploy now," he said.

"Recommended For You"

Hackers rush to exploit critical Windows bug Microsoft's emergency Windows patch warning ignored by users