1 in 3 Windows PCs vulnerable to worm attack

Slow corporate patch cycles remain a problem

The worm that has infected several million Windows PCs is causing havoc because nearly a third of all systems remain unpatched 80 days after Microsoft rolled out an emergency fix, a security expert said Thursday.

Based on scans of several hundred thousand customer-owned Windows PCs, Qualys concluded that about 30 percent of the machines have not yet been patched with the "out of cycle" fix Microsoft provided October 23 as security update MS08-067.

"The unpatched numbers went down significantly around the 30-day mark," said Wolfgang Kandek, Qualys' chief technology officer, "when less than 50 percent were unpatched. After that, it went down a little slower. As of yesterday, 30 percent of the machines are unpatched."

With nearly a third of all Windows systems still vulnerable, it's no surprise that the "Downadup" worm has been able to score such a success, Kandek said. "These slow [corporate] patch cycles are simply not acceptable," he said. "They lead directly to these high infection rates."

The Downadup worm, called "Conficker" by some researchers, surged dramatically this week and has infected an estimated 3.5 million PCs so far, according to Finnish security company F-Secure Corp. The worm exploits a bug in the Windows Server service used in Windows 2000, XP, Vista, Server 2003 and Server 2008.

Microsoft issued a patch in late October after confirming reports of in-the-wild attacks, most of them against machines in Asia.

On Tuesday, Microsoft laid at least some of the blame for the worm's success at the feet of Windows' users. "Either Security Update MS08-067 was not installed at all or was not installed on all the computers," said Cristian Craioveanu and Ziv Mador, researchers at Microsoft's Malware Protection Center, in a Tuesday blog post.

Kandek agreed with them. "This shows that a three-month patch cycle, which some companies use, is unacceptable," he said.

In related news, a researcher at McAfee today said that the author of Downadup/Conficker worm took a shortcut when crafting the malware by grabbing functional exploit code from Metasploit, the open-source penetration testing framework.

"By using the exploit from the Metasploit module as the code base, a virus/worm programmer only needs to implement functions for automatic downloading and spreading," said Xiao Chen, a McAfee security researcher, in an entry to the company's blog.

"We believe that this can be accomplished by an average programmer who understands the basics of exploitation and has decent programming skills."

"It's obvious that worm writers are abusing open source tools to their advantage to make their work easier," Chen added.

Microsoft has recommended that Windows users install the October update, then run the January edition of the Malicious Software Removal Tool to clean up compromised computers.

"Patch faster," urged Kandek from Qualys.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwaremicrosoft patchessecurity patchwormconfickerdownadup

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Gregg Keizer

Gregg Keizer

Computerworld
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?