Worms are exploiting a critical security flaw in Microsoft’s Windows operating system, security experts have warned.
Security firm Sophos warned that the Cuebot-L and Cuebot-M worms are exploiting a critical vulnerability outlined in Microsoft’s MS06-040 security bulletin.
The worms are spread via AOL’s instant messenger and once they have infected a PC they switch off the Windows firewall and open a backdoor that lets hackers gain access and control over the machine.
Microsoft issued a security patch for the vulnerability last week and Sophos urged businesses to patch their systems speedily. Senior security consultant Carole Theriault warned, “Many Windows computers probably remain unpatched and vulnerable to these threats.”
She added, “Microsoft is once again in the difficult situation of trying to convince its customers that Windows is becoming more secure, despite this onslaught of malware designed to exploit its vulnerabilities.”
The advice follows warnings from other security experts that the flaw described in the MS06-040 bulletin is particularly easy to exploit.
Earlier this week, the US Homeland Security department joined the chorus, urging Windows users to “avoid delay” in applying the security patch. “This vulnerability could impact government systems, private industry and critical infrastructure, as well as individual and home users,” it warned.
Vote for your IT greats
Who have been the most influential people in IT in the past 40 years? The greatest organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?
Vote now at: www.computerweekly.com/ITgreats