Tuesday, August 15, 2006

InfoSec Alert: Emerging Exploits for Windows Vulnerability (MS06-040)

Here's the good news: Destructive worms are so far not exploiting the MS06-040 Windows vulnerability -- the concern that has kept the infosec community on the internet jittery since late last week.

The bad news: Several botnet worms are out in the wild exploiting the MS06-040 Windows vulnerability.

The botnet worms are identified as Cuebot-L, Graweg, and Mocbot.

To protect yourself and your network against the MS06-040 Windows vulnerability, Dark Reading recommends the following:

---- Identify PCs vulnerable to attack by running the free scanning tool offered by eEye Digital Security. The tool, which comes in two versions -- one capable of scanning 16 machines simultaneously, the other up to 256 computers -- can be downloaded free of charge from the eEye site.

---- Patch all vulnerable systems using Microsoft-based mechanisms -- including Windows Update and Windows Server Update Services (WSUS) -- or third-party patch managers such as Shavlik's HFNetChkPro, Patchlink's PatchLink Update, and BigFix Enterprise Suite Patch Management. Those manually downloading the patch will find it here.

---- If administrators or users are unable to patch, Microsoft recommended that they block TCP ports 139 and 445 at the firewall.

---- Additionally, Microsoft told users that they could defend unpatched systems by barring any unsolicited inbound traffic, or blocking the affected ports by applying Internet Protocol security (IPsec).
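
One way to confirm that the block on TCP ports 139 and 445 is actually in effect, as an added example (not code from Dark Reading, Microsoft or this post): run it from a network segment outside the firewall against hosts you administer. The function names and the inventory addresses are this example's own constructed placeholders.

```python
import socket

SMB_PORTS = (139, 445)  # the TCP ports the advisory says to block


def probe(host, port, timeout=2.0):
    """Classify one TCP port as seen from where this script runs.

    'open'     - handshake completed: traffic passes and a service answers
    'closed'   - connection refused: traffic passes, nothing is listening
    'filtered' - no answer or unreachable: consistent with a firewall block
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.gaierror:
        raise  # a name that does not resolve says nothing about the firewall
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts and ICMP unreachable errors
        return "filtered"
    finally:
        s.close()


def audit(hosts, ports=SMB_PORTS, timeout=2.0):
    """Return [(host, port, state)] for every port that is not filtered."""
    findings = []
    for host in hosts:
        for port in ports:
            state = probe(host, port, timeout)
            if state != "filtered":
                findings.append((host, port, state))
    return findings


if __name__ == "__main__":
    # Constructed sample inventory (documentation-range addresses).
    inventory = ["192.0.2.10", "192.0.2.11"]
    for host, port, state in audit(inventory):
        print(f"{host}:{port} is {state}: the block is not in effect on this path")
```

A "closed" result is still a finding: the refusal came from the host itself, so the packet crossed the firewall and only the absence of a listener is protecting that machine.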

