MS05-039: Spybot.WOE exploits 4 unpatched MS vulnerabilities

  A new variant of Spybot has emerged which exploits four unpatched Microsoft vulnerabilities which must be patched on all PCs to ensure the best levels of protection.

W32.Spybot.WOE is a worm with back door capabilities that can be used to launch a distributed denial of service attack. The worm spreads by exploiting numerous vulnerabilities, including the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS05-039).

Firewall protection:  The following are TCP ports that should be protected in the firewall for the PC or server:  139, 445, 1427, 4654, 65528, 65529.

Microsoft Security Exploits: Spreads by scanning TCP ports 139 and 445, and exploiting the following vulnerabilities:

• The Microsoft Windows Plug and Play Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS05-039).
• The Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (as described in Microsoft Security Bulletin MS03-026).
• The Microsoft Windows Local Security Authority Service Remote Buffer Overflow(as described in Microsoft Security Bulletin MS04-011).
• The Microsoft Windows ASN.1 Library Bit String Processing Variant Heap Corruption Vulnerability (as described in Microsoft Security Bulletin MS04-007).