Microsoft is warning that attackers are exploiting a critical flaw in the Windows operating system and that the bug could be used in a worm attack Microsoft fixed a critical bug in its Windows operating system Thursday, saying that it is being exploited by online criminals and that it could eventually be used in a widespread “worm” attack.Microsoft took the unusual step of issuing an emergency patch for the flaw, several weeks ahead of its regularly scheduled November security updates, saying that it is being exploited in “limited targeted attacks.”“It is possible that this vulnerability could be used in the crafting of a wormable exploit. If successfully exploited, an attacker could then install programs or view, change, or delete data; or create new accounts with full user rights,” Microsoft said in a bulletin released Thursday morning.The flaw lies in the Windows Server service, used to connect different network resources such as file and print servers over a network. By sending malicious messages to a Windows machine that uses Windows Server, an attacker could take control of the computer, Microsoft said. Although firewalls would typically prevent this type of attack from spreading across the Internet, it could wreak havoc within corporate local area networks, much as the Zotob computer worm did back in 2005.Zotob affected Windows 2000 systems, but this bug is rated critical for three versions of Windows: Windows 2000, Windows XP and Windows Server 2003 systems. It is rated as a less-serious flaw for the Windows Vista and Server 2008 systems, which require additional authentication from computers on the network. Although the attack code used to exploit this flaw has not been publicly released, Microsoft felt that the bug was serious enough that it needed to rush out a patch, said Andrew Storms, director of security operations at nCircle, who has been briefed on the issue with Microsoft’s security team.“The exploits that Microsoft found were found on systems running their Microsoft security software. This is how they became aware of it,” he said. “It is a successful attack, but it is not spreading like a worm at this point.”Although the attack code seems to have been used in only very targeted attacks, it could become a more widespread problem, according to Marc Maifffret, director of professional services with The DigiTrust Group. “It will really depend on whether or not someone wants to cause a bit of chaos and make a … name for themselves,” he said via instant message. “The reality is that bad guys do not like worms because they cause more people to patch.” Related content news Multibillion-dollar cybersecurity training market fails to fix the supply-demand imbalance Despite money pouring into programs around the world, training organizations have not managed to ensure employment for professionals, while entry-level professionals are finding it hard to land a job By Samira Sarraf Oct 02, 2023 6 mins CSO and CISO CSO and CISO CSO and CISO news Royal family’s website suffers Russia-linked cyberattack Pro-Russian hacker group KillNet took responsibility for the attack days after King Charles condemned the invasion of Ukraine. By Michael Hill Oct 02, 2023 2 mins DDoS Cyberattacks feature 10 things you should know about navigating the dark web A lot can be found in the shadows of the internet from sensitive stolen data to attack tools for sale, the dark web is a trove of risks for enterprises. Here are a few things to know and navigate safely. By Rosalyn Page Oct 02, 2023 13 mins Cybercrime Security news ShadowSyndicate Cybercrime gang has used 7 ransomware families over the past year Researchers from Group-IB believe it's likely the group is an independent affiliate working for multiple ransomware-as-a-service operations By Lucian Constantin Oct 02, 2023 4 mins Hacker Groups Ransomware Cybercrime Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe