Last week, Microsoft issued 12 security patches, 9 which they rated as Critical (Patch ASAP), and 3 Important (Patch As Soon As Convenient). ISC / SANS rated those patches, for computers used as network clients, as 2 Extra Critical (PATCH NOW), 8 Critical, and 2 Important.
One of those patches, MS06-040 (KB921883), fixes a vulnerability in the Server service (remember that almost all Windows computers will run the Server service, even though they may not be dedicated servers).
Today, ISC SANS issued MS06-040: BOLO -- Be On the LookOut (NEW), stating that
Over the weekend there was a botnet doing fairly wide scale scanning for hosts affected by the vulnerabilities in the MS06-040 advisory. While technically a botnet, it was spreading in a worm like fashion.
MS06-040 is one of the two patches that were rated as PATCH NOW by ISC SANS. Among the advice given:
- If you have not done so yet:
- Roll out the MS06-040 patches ASAP.
- Do not forget to reboot those machines after patching!
MS06-040 has passed from vulnerability, to Proof Of Concept exploit, and to active exploit in progress. This is a serious situation, as documented by US CERT. Patch Now, please.
For convenient immediate downloads, I offer direct links here. Or you can use Windows Update, or Automatic Update.
- Take a system checkpoint first.
- Verify your Operating System name and service pack level:
- My Computer
- Download the most urgent patches, properly chosen for your operating system and service pack level, to an organised folder on your disk.
- Run each update, from the folder, using Windows Explorer.