Fears of MSBlast-style attack



A piece of code that exploits a critical vulnerability that Microsoft issued a patch for only last week has been posted online, raising fears of an imminent MSBlast-style attack, CNET reports.

On Feb. 10, Microsoft released a patch that fixes a networking flaw that affects Windows. The company warned people to patch their systems, because the vulnerability could be exploited by virus and worm writers.

Four days after the patch was released, a piece of code was published on a French Web site that would let anyone exploit the vulnerability, meaning that unpatched customers could be hit with a worm similar to last summer's MSBlast, also known as Blaster.

"We ran (the compiled code) against an unpatched XP and Windows 2000 SP3 system, and it took both systems down. It does a buffer overflow and immediately sends the PC into a reboot phase that you can't get out of," said Richard Starnes, director of incident response at telecommunications giant Cable & Wireless.