Remortgages

US-CERT Alert: Malware Exploiting Microsoft Plug and Play Vulnerability

August 15, 2005 -- US-CERT has seen reports of multiple forms of malicious code that take advantage of the vulnerability described in Microsoft Bulletin MS05-039. We have also seen several variants of the Zotob worm. This worm scans for vulnerable systems on port 445/tcp. Once compromised, the worm will download and execute itself from another infected host via FTP on a random high TCP port. The FTP server is used by the worm to host the malicious code for download when other systems are compromised.
US-CERT has also seen reports that under certain conditions Windows XP, XP SP2 and 2003 may be vulnerable to attack by remote, unauthenticated users.

More information on the vulnerability is available in the following US-CERT Vulnerability Note:

* VU#998653 - Microsoft Plug and Play contains a buffer overflow vulnerability

US-CERT urges users to apply the update described in Microsoft Security Bulletin MS05-039 . If users are unable to apply the update, Microsoft provides several workarounds that may help to mitigate against known attacks on this vulnerability.

[ Comment, Edit or Article Submission ]