Microsoft has warned Windows users to apply an emergency patch released in October in a bid to tackle a rise in attacks on a vulnerability in Windows that could trigger a worm infestation on networks.
Microsoft says it has reports from users on a worm called Win32/Conficker.A, which infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.exe).
The worm is taking advantage of a known vulnerability that if successfully exploited, Microsoft says, could allow remote code execution when file sharing is enabled.
Exploit code is publicly available that takes advantage of a hole Microsoft plugged last month with patch MS08-067. The vendor is recommending that users apply the patch as soon as possible.
MS08-067 was an emergency patch released on October 23, more than two weeks after Microsoft's monthly patch cycle called Patch Tuesday. The last emergency patch released was in April.
"Recently we've received a string of reports from customers that have yet to apply the update and are infected by malware," Microsoft's Bill Sisk wrote on the Microsoft Security Response Center blog.