2006
08.12

Windows Worm Warnings No Joke

As the spotlight on a dangerous Windows vulnerability grows brighter by the hour, security analysts Thursday said that it’s not hype driving the alarms, but genuine fear that a major worm attack is just days away.
“This is no drill,” said Mike Murray, director of research at vulnerability management vendor nCircle. “And no, this isn’t an overreaction. We’ve always said that some day there would be another big, serious vulnerability.

“Well, this is the one.”

The bug in question is one of 23 patched Tuesday by Microsoft, and one of 16 tagged by the Redmond, Wash. software developer as “critical.” It affects all currently-supported versions of Windows, can be exploited without end users lifting a finger, and in some experts’ eyes, rivals the bug that led to 2003’s destructive MSBlast attack.

Recent developments have turned up the heat over the vulnerability spelled out in Microsoft’s MS06-040 security bulletin. Wednesday, the Department of Homeland Defense (DHS) issued a rare warning, and Microsoft acknowledged that the patch should be at the top of every computer user’s or administrator’s to-do list.

Wednesday, the DHS, which also operates the United States Computer Emergency Readiness Team (US-CERT), took the unusual step of issuing its own warning. “Windows users are encouraged to avoid delay in applying this security patch,” said the DHS release. “This vulnerability could impact government systems, private industry, and critical infrastructure, as well as individual and home users.”

Earlier that day, Microsoft said “we are recommending that customers give priority to MS06-040.”

Thursday’s deepening concern was fueled by several releases of new exploit code. HD Moore, co-creator of the Metasploit Framework, took his exploit for the MS06-040 vulnerability public early in the day. Later, after Symantec’s research team confirmed that Moore’s code, which targets Windows 2000, XP, and Server 2003, results in a denial-of-service (DoS) attack, the company repeated its previous warning to “patch as soon as possible.”

Other analysts agreed, and more.

“Because it’s been added to the Metasploit Framework, a lot of hackers will be looking at [Moore’s exploit code],” said Ken Dunham, the rapid response team director at security intelligence firm VeriSign iDefense. “With some tweaking, his code could potentially be turned into a worm.”

The availability of exploit code, even rudimentary code that doesn’t yet let an attacker hijack a PC, along with the scope of the vulnerability, means that it’s guaranteed MS06-040 will get lots of attention. But whether it ends up as a worm à la 2003’s MSBlast is still uncertain, Dunham said.

More from Tech Web: http://www.techweb.com/wire/security/191901665;jsessionid=ZJFAQAJIQMSV0QSNDLRCKH0CJUNN2JVN
