Microsoft downplays malware warnings

With security vendors warning of new malware that exploits a recently patched flaw in Windows, Microsoft Corp. is saying that attacks are not on the rise.

Earlier this week, two new malicious programs popped up, both of which took advantage of the MS06-040 Windows Server service vulnerability. This prompted Symantec Corp. to raise its ThreatCon rating to 2 on Thursday, an indication that users should be at a heightened level of security awareness.

But on Friday Microsoft said that even with these new variants, the total number of computers being attacked was unchanged. “We’re not seeing an increase in attacks, just minor variations,” said Stephen Toulouse, security program manager with Microsoft’s Security Response Center.

Symantec’s Oliver Friedrichs agreed that “the overall volume of attack attempts is fairly consistent,” but he said that the fact that hackers had continued to pound away at the MS06-040 vulnerability is troubling. “The fact that we are seeing more threats exploiting these vulnerabilities, that in itself is disconcerting,” said Friedrichs, a director of emerging technologies in Symantec Security Response.

Symantec has counted six variants of the MS06-040 attacks to date. Symantec rates the two new programs spotted this week, W32.Dasher.G and W32.Spybot.AKNO, as low risks.

A security bulletin on MS06-040, which affects most versions of Windows, can be found here:

The MS06-040 patch has to do with Windows’ Server services, which are used for a variety of networking tasks, such as file sharing and printing. Because the flaw relates to widely used and network-enabled features, security experts have warned that it is a likely candidate for a widespread worm. Shortly after the patch was released, the U.S. Department of Homeland Security took the unusual step of warning users of the flaw, saying it could put the nation’s infrastructure at risk. To date, however, no widespread outbreak has appeared.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now