Remember the out-of-date security patch that Microsoft released the other week, the one that was deemed critical for XP and Windows Server users? We were all taken by surprise when Microsoft announced it, because they are not in the habit of breaking the long-lasting Patch Tuesday tradition – that is unless some crafty hackers are already exploiting a flaw within Windows.

Here is a quick reminder: by exploiting the way in which RPC requests are handled by Windows Server, the attacker could potentially take over a targeted machine (get access to files stored on it, delete said files, install malicious programs on said machine, and so on). The security experts that figured out an exploit, announced it to the public but kept the technical details under wraps for obvious reasons. As is the case with the Internet, you can never keep information away from the public for too long and consequently an exploit code for the MS08-67 vulnerability has leaked out.

The exploit code does indeed work, and that is why you need to patch your system right away (assuming you did not do this last week). There are several proof-of-concept exploits available on the net, but they will have no effect on an updated, patched Windows-based operating system.

According to security solutions provider PandaLabs, the vulnerability is already being used by people with malicious intent in order to access confidential data. For example, the Gimmiv.A Trojan detected by PandaLabs will gather the following info: user names and passwords fed to web applications; MSN and Outlook Express passwords; browser details, computer and system name; what patches are installed on the machine. Once collected, all that data is then relayed to a remote server.

There are two exploit codes that caught our attention: the Milw0rm and the one added to the Metasploit attack tool.