Microsoft is warning users of malicious software that could be used to attack Windows systems that lack the company’s latest security updates.The exploit code targets a vulnerability in the Remote Access Connection Manager (RASMAN) service, used by Windows to create network connections over the telephone. The bug, which was patched June 13, is rated critical by Microsoft, the most severe rating available.Hackers published the code on websites late last week, and it is now included in Metasploit, a hacking toolkit that is used by security researchers and criminals alike.The malicious software is not as dangerous as it could be. Most firewalls will block it, and it also requires that the hacker be authenticated on the computer for it to work. Still, Windows 2000 and Windows XP Service Pack 1 users need to be wary because they could be the victims of particularly nasty attacks that do not require authentication, Microsoft said.“The current exploit code … requires authentication, but the underlying vulnerability does not,” said Stephen Toulouse, a security program manager with Microsoft’s security response center. For any attack to work on the latest versions of other Windows systems, like XP or Windows Server 2003, the attacker would need to be able to log on to the victim’s machine, Microsoft said.Hackers will likely use the malicious software in criminal attacks since it is now in Metasploit, said Ken Williams, director of vulnerability research with CA.Complicating matters is the fact that some dial-up users have been having problems with the patch. Computers that use Windows’ dial-up scripting or terminal windows to make connections may find that their dial-up connections no longer work, according to Microsoft’s alert.Users who cannot install the patch immediately should disable the RASMAN service, Microsoft said.Over the past two weeks, Microsoft has also been contending with a number of unpatched vulnerabilities in its Office and Excel software. Microsoft has not yet patched the bugs, but it said Saturday that one of them is now expected to be patched in its next round of security updates, due July 11. Microsoft’s advisory on the malicious code can be found here.-Robert McMillan, IDG News Service (San Francisco Bureau)Related Link: Third Microsoft Excel Attack IdentifiedThis article is posted on our Microsoft Informer page. For more news on the Redmond, Wash.-based powerhouse, keep checking in. Check out our CIO News Alerts and Tech Informer pages for more updated news coverage. Related content BrandPost Smart UPS Connectivity: what it is and why you need it By Veronica Lew Mar 27, 2023 4 mins Remote Access Opinion Huawei’s F5G rollout plan signals new wave of green technology and digital transformation At MWC, Gu Yunbo, President of Huawei’s Enterprise Optical Business Domain, sat down with CIO to discuss a raft of new F5G launches, and what they mean for enterprise computing. By Peter Kirwan Mar 27, 2023 4 mins Digital Transformation Opinion Huawei launches intelligent data storage solutions at MWC to satisfy rising multi-cloud demand Peter Zhou, President of Huawei’s IT Product Line, joined CIO at Mobile World Congress in Barcelona to discuss a rising tide of enterprise investment in storage solutions for on-premises data centers and private clouds. By Peter Kirwan Mar 27, 2023 4 mins Data Management BrandPost AI bots for customer experience: trends, insights, and examples How can you implement AI bots in your company, and what will they be able to do for you? Here’s how Avaya expects things to shake out. By Mike Kuch, Sr. Director Solutions Marketing, Avaya Mar 27, 2023 5 mins Artificial Intelligence Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe