|
Worm Zotob and Rbot.CBQ are spreading via Internet and
they are known to exploit Microsoft Windows Plug and Play
service vulnerability (MS05-039).
Plug and Play (PnP) allows the operating system to detect
new hardware when one installs it on a system. Yet
vulnerability has been discovered in Microsoft Windows Plug
and Play service and worms like Zotob and Rbot.CBQ have
exploited this vulnerability in order to propagate themselves
via 139/TCP or 445/TCP.
BroadWeb Security Service Team (BSST) has released the
countermeasure signatures in signature version 3.10, which
includes:
# 1052065_EXPLOIT MS Plug and Play Remote Buffer Overflow
(MS05-039) -1
# 1052066_EXPLOIT MS Plug and Play Remote Buffer Overflow
(MS05-039) -2
# 1052067_EXPLOIT MS Plug and Play Remote Buffer Overflow
(MS05-039) -3
NetKeeper users are urged to upgrade their signature
patterns to version 3.10 or later in order to thwart any worms
that exploit Microsoft Windows Plug and Play service
vulnerability (MS05-039).
(BSST, Broadweb Security Service Team)
| 