Monday, August 15, 2005

Zotob Outbreak

Microsoft announced a new Windows vulnerability this morning.
A programming error in the Plug and Play (PnP) service used by Microsoft Windows machines can present a remote attacker with the opportunity to overflow a fixed length buffer, execute code on the vulnerable system and escalate privileges on the host to the extent that they could take complete control of the affected machine.
In English, some jackass hacker can use bad code in a Windows "feature" to turn your computer into a Spam generator. To fix the problem, open the Start menu on your computer, look for the Windows Update program, and run it. Don't delay either, because an automated internet program to exploit the bug is already at large.
The Sourcefire Vulnerability Research Team (VRT) has received reports of a new worm variant, known as Zotob, that makes use of the Plug-and-Play (PnP) vulnerability (MS05-039) to propagate.

No comments: