Microsoft says Windows flaw could bring worm attack

摘要

Microsoft fixed a critical bug in its Windows operating system last Thursday, saying that it is being exploited by online criminals and eventually could be used in a widespread worm attack. Microsoft took the unusual step of issuing an emergency patch for the flaw, several weeks ahead of its regularly scheduled November security updates. The flaw lies in the Windows Server service, which is used to connect such network resources as file and print servers over a network. By sending malicious messages to a Windows machine that uses Windows Server, an attacker could take control of the computer."It is possible that this vulnerability could be used in the crafting of a wormable exploit. If successfully exploited, an attacker could then install programs or view, change, or delete data; or create new accounts with full user rights," Microsoft said in a bulletin.