A network worm attack exploiting a critical Microsoft Windows vulnerability appears inevitable, security experts warned Aug. 10.
Just days after the Redmond, Wash., software maker issued the MS06-040 bulletin with patches for a "critical" Server Service flaw, Microsoft's security response unit is bracing for the worst after exploit code that offers a blueprint for attacks began circulating on the Internet.
Even before the release of Microsoft's patch, the US-CERT (Computer Emergency Readiness Team) warned that the flaw was being used in targeted attacks and that the appearance of public exploits is a sure sign that a worm attack is imminent.
An exploit module was added to the HD Moore's Metasploit Framework that could launch attacks against all unpatched Windows 2000 systems and some versions of Windows XP.
Two penetration testing companies, Immunity and Core Security Technologies, have already created and released "reliable exploits" for the flaw, which was deemed wormable on all Windows versions, including Windows XP SP2 and Windows Server 2003 SP1.
Dave Aitel, a researcher at Immunity, said his exploits are capable of launching attacks against firewall-protected Windows XP SP2. "A worm is coming. This bug is just too easy to exploit," Aitel said in an interview with eWEEK.
Aitel's company was able to reverse-engineer Microsoft's patch and create a working exploit in less than 24 hours.
Gartner Research security analyst John Pescatore said businesses should prepare for the worst.
"The nature of the vulnerability itself is something that should be taken very seriously. The fact that exploits were out even before Patch Day and now that public code is available for anyone to download and use, that's enough to treat this as a high-priority issue," Pescatore said.