The U.S. Department of Homeland Security (DHS) warned Wednesday that a recently patched Microsoft Windows vulnerability could put the nation’s critical infrastructure at risk.The patch, described in Microsoft Security Bulletin MS06-040, relates to Windows Server services. It was one of 12 updates issued Tuesday by the software giant, but security experts are particularly concerned with the bug because hackers have already exploited the vulnerability. The vulnerability is described here.Microsoft is advising customers to give this update priority, said Christopher Budd, a security program manager with Microsoft’s security response center. “The top thing that we’re trying to help people understand is we want them to take 06-040 and put it at the top of the stack,” he said late Tuesday.The DHS statement echoed Microsoft’s sentiments warning that the vulnerability “could impact government systems, private industry and critical infrastructure, as well as individual and home users.” The statement can be found here. Attackers have already started exploiting the vulnerability in a limited manner, Budd said. A sample exploit has been published within Immunity’s security testing toolkit, and snippets of the malware are beginning to circulate in public, security vendors said.The bug is of particular concern because Windows Server services are generally enabled by default on Windows systems, and a worm based on the flaw could end up being widespread. Windows Server services are used for common network applications like file sharing and printing. The fact that DHS has taken the rare step of warning about MS06-040 underscores the severity of the situation, said Jonathan Bitle, manager of technical accounts with Qualys.But because security-conscious companies are blocking the Internet ports used by this malware—ports 139 and 445—any worm will have a hard time jumping from one corporate network to another, Bitle said. “It will probably be the type of situation where if a worm does come out, it will hit sporadically through different companies where they haven’t been able to apply the patches or put the controls in place.”-Robert McMillan, IDG News Service (San Francisco Bureau)This article is posted on our Microsoft Informer page. For more news on the Redmond, Wash.-based powerhouse, keep checking in.Check out our CIO News Alerts and Tech Informer pages for more updated news coverage. Related content opinion Website spoofing: risks, threats, and mitigation strategies for CIOs In this article, we take a look at how CIOs can tackle website spoofing attacks and the best ways to prevent them. By Yash Mehta Dec 01, 2023 5 mins CIO Cyberattacks Security brandpost Sponsored by Catchpoint Systems Inc. Gain full visibility across the Internet Stack with IPM (Internet Performance Monitoring) Today’s IT systems have more points of failure than ever before. Internet Performance Monitoring provides visibility over external networks and services to mitigate outages. By Neal Weinberg Dec 01, 2023 3 mins IT Operations brandpost Sponsored by Zscaler How customers can save money during periods of economic uncertainty Now is the time to overcome the challenges of perimeter-based architectures and reduce costs with zero trust. By Zscaler Dec 01, 2023 4 mins Security feature LexisNexis rises to the generative AI challenge With generative AI, the legal information services giant faces its most formidable disruptor yet. That’s why CTO Jeff Reihl is embracing and enhancing the technology swiftly to keep in front of the competition. By Paula Rooney Dec 01, 2023 6 mins Generative AI Digital Transformation Cloud Computing Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe