Microsoft Security Advisory (922437)
Exploit Code Published Affecting the Server Service
Published: | Updated:
Microsoft is aware of public reports regarding an attack known as Win32/Graweg exploiting the vulnerability addressed by security update MS06-040. Microsoft’s initial investigation of Win32/Graweg verified that it only affects users running Windows 2000 that have not applied the update detailed in MS06-040. Microsoft has activated its emergency response process and is continuing to investigate this issue.
The Microsoft Security Response Alliance partners as well as our own internal teams have determined that there is not widespread customer impact and have rated Win32/Graweg as a Low threat. At this time it does not appear to be a self-replicating internet-wide worm.
Microsoft continues to recommend that customers apply the August updates as soon as possible with additional urgency and consideration given to the update detailed in MS06-040. Customers can ensure that the updates are being installed by enabling the Automatic Updates feature in Windows or by using their deployment infrastructure in their enterprise or small business.
Customers who believe that they are infected or are not sure whether they are infected by Win32/Graweg should visit Safety.live.com and choose "Protection Scan." Additionally, Windows Live OneCare from Microsoft provides detection against Win32/Graweg and its known variants.
Customers who believe they have been attacked should contact their local FBI office or report their situation to www.ic3.gov. Customers outside the U.S. should contact the national law enforcement agency in their country
Customers who believe they are affected can contact Product Support Services. Contact Product Support Services in North America for help with security update issues or viruses at no charge using the PC Safety line (1866-PCSAFETY) and international customers by using any method found at this location: http://support.microsoft.com/security.
- Customers who have installed the MS06-040 security update are not affected by this vulnerability.
- While installation of the update is the recommended action, customers who have applied the mitigations as identified in MS06-040 will have minimized their exposure and potential exploitability against an attack.
- You can provide feedback by completing the form by visiting the following Web site.
- Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services. For more information about available support options, see the Microsoft Help and Support Web site.
- International customers can receive support from their local Microsoft subsidiaries. For more information about how to contact Microsoft for international support issues, visit the International Support Web site.
- The Microsoft TechNet Security Web site provides additional information about security in Microsoft products.
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
- August 11, 2006: Advisory published.
- August 13, 2006: Advisory updated to detail activity related to Win32/Graweg.