Microsoft warns about RPC worm infectionsMicrosoft said it has received a "string of reports from customers" saying that they have been infected by a new worm, a backdoor Trojan family that exploits the RPC flaw and then attempts to connect to an IRC server to download more malware and receive additional commands from an attacker. We continue to urge customers to deploy the update and make sure their security software is updated with the latest signatures," said Bill Sisk, response communication manager for the Microsoft Security Response Center (MSRC), in an update on MS08-067 emergency patch on the MSRC blog. Microsoft RPC WormMicrosoft issued the emergency patch Oct. 23, repairing the vulnerability which left Windows systems dangerously open to attack. It was only the fourth time that Microsoft released a security patch outside of its monthly cycle. The software maker was worried that attackers could craft a worm Trojan exploit. Within hours after the patch release, security researchers reported the discovery of the first Trojans in the wild attempting to exploit the flaw. Microsoft issues patch to fix the vulnerability of the RPC wormUrging the users to upgrade to the new patch as soon as possible. Due to the high amount of vulnerabilities in RPC on Microsoft platform it is recommended to blocking all incoming traffic to the RPC tcp ports. TCP Ports include 135, 593 and better also block off 445. It is recommended to do a full portscan of the perimeter and only allow trusted IP addresses to connect. Only allowed trusted users by IP address to connect.
|