Microsoft has revealed the emergency patch it released outside of the Patch Tuesday cycle was to prevent an internet worm from spreading.
The MS08-067 patch, which was rated as critical', fixed a vulnerability could have been used in the creation of a wormhole exploit.
More specifically, it resolved a privately reported vulnerability in the server service. According to the security bulletin, the buffer overflow vulnerability allowed remote code execution if the affected system received a specially crafted RPC request.
Graham Cluley, senior technical consultant at Sophos, said that the vulnerability was very serious and that ID administrators were advised to patch the affected systems as a priority in case hackers chose to exploit it with an internet worm.
SophosLab's principle researcher Vanja Svajcer said that the last time he saw a similar vulnerability was in 2004 with the W32/Sasser worm.
He said: "It remains to be seen how interested the virus writers will be in this vulnerability, considering a general trend towards hidden malware that does not replicate.
"The noise of generated network traffic seen with large scale outbreaks of self-replicating malware may not appeal to modern day virus writers."
Security vendor Symantec said that while it had not seen wide-spread exploitation of the issue, it did see reports of a certain file in 'n2.exe' being downloaded on certain computers, which it was investigating.
