According to a report from Computerworld earlier this week, unpatched Windows PCs are the cause of a "huge increase" in the number of infiltrations by a new computer worm written to exploit this vulnerability. Mind you, we are not talking about a new and unknown flaw here, but a security hole that was already known and addressed by an emergency fix released by Microsoft in October 2008 - and which I wrote about back then. What is particularly worrisome about this worm, named Conficker, is the blistering speed at which it is able to infiltrate an entire LAN. In addition, the worm can spread by means of brute-force password-guessing, as well as by infecting USB-based flash memory devices. To make matters worse, feedback from antivirus vendors tells of the difficulty of eliminating Conficker completely.
To underscore the severity of the problem, Roger Halbheer, the chief security adviser for Microsoft, for multiple reasons, took the unusual step of actually chiding users. "If you decide not to roll out a security update which is so critical that we decide to go out of band, you play Russian roulette with your network, as you can guess that there will be attacks exploiting this vulnerability pretty soon."
The solution to this threat vector is surprisingly simple: install the software patch. For the longer term, SMBs that have not already done so would do well to assign a responsible staffer the task of keeping an eye out for new software patches. Just because your SMB might not have the budget to hire someone dedicated to handling security matters does not mean that a blind eye should be turned towards this facet of your IT operations.
So start to define the job role and reporting chain, and then delegate the duty to someone. Today.
Symantec has pegged the number of infections at approximately 3 million PCs so far. Don't let the next few hundred come from machines located within your organization's network.