Worms exploit critical Microsoft security vulnerability

Sophos is warning computer users of malware that is exploiting a critical security vulnerability in Microsoft software, and urging companies to roll-out security patches as a matter of priority.

The Cuebot-L and Cuebot-M worms spread via AOL instant messenger, exploiting the vulnerability described in Microsoft’s MS06-040 security bulletin. Once the worms have infected a PC, they turn off the Windows firewall and open a backdoor, allowing remote hackers to gain access and control over the computer.

“As Microsoft only issued a patch against this vulnerability last week, many Windows computers probably remain unpatched and vulnerable to these threats,” explained Carole Theriault, senior security consultant at Sophos. “Microsoft is once again in the difficult situation of trying to convince its customers that Windows is becoming more secure, despite this onslaught of malware designed to exploit its vulnerabilities. As always, users are encouraged to take the necessary steps to ensure their PCs are properly protected with up-to-date security patches, anti-virus software and a firewall, as soon as possible.”

Sophos advised customers to patch against the latest security vulnerabilities in Microsoft’s software last week. Home users of Microsoft Windows can visit update.microsoft.com to have their systems scanned for critical Microsoft security vulnerabilities.