MS05-039: Spybot.WOE exploits 4 unpatched MS vulnerabilities
A new variant of Spybot has emerged which exploits four unpatched Microsoft vulnerabilities which must be patched on all PCs to ensure the best levels of protection.
W32.Spybot.WOE is a worm with back door capabilities that can be used to launch a distributed denial of service attack. The worm spreads by exploiting numerous vulnerabilities, including the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS05-039).
Firewall protection: The following are TCP ports that should be protected in the firewall for the PC or server: 139, 445, 1427, 4654, 65528, 65529.
Microsoft Security Exploits: Spreads by scanning TCP ports 139 and 445, and exploiting the following vulnerabilities: