Microsoft says it has reports from users on a worm called , which infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.exe).
The worm is taking advantage of a known vulnerability that if successfully exploited, Microsoft says, could allow remote code execution when file sharing is enabled.
There is exploit code publicly available that takes advantage of a hole Microsoft with patch MS08-067. The vendor is recommending that users apply the patch as soon as possible.
MS08-067 was an emergency patch released on Oct. 23, more than two weeks after Microsoft's monthly patch cycle called Patch Tuesday. The last emergency patch released was in April.
"Recently we've received a string of reports from customers that have yet to apply the update and are infected by malware," Microsoft's Bill Sisk wrote on the Microsoft Security Response Center blog.