Vulnerability in Microsoft OS allows attackers to install CPU-miners on remote machines

in #bitcoin, 7 years ago (edited)


   

IT security specialists have revealed a new vulnerability in Microsoft operating systems. Vista, Windows 7, 2008 and 2008 R2, in all versions, are at risk. Other operating systems may be at risk as well.
   

The essence of the vulnerability is that, by exploiting it, an attacker gains the ability to install and run arbitrary code on the remote machine, including installing a CPU miner. A firewall and complex passwords do not help in this case.

The problem surfaced on a mass scale on April 23. Many Microsoft customers had a CPU miner planted on their machines, a program that uses the processor's resources (on the victim's server) to mine cryptocurrency. Once the program is planted, the victim's server starts to slow down due to the high load.
   
The CPU miner can be detected by the presence of a `C:\Windows\winsxslog` folder (no such folder exists on a normal system), or by a service without a description whose name has the form DCFOWBCA (the service name and the name of the executable are random and unique to each computer). When Task Manager starts, the CPU load drops and the CPU miner is unloaded from memory.

To stop the CPU miner, experts advise the following: in the Services console, change the startup type of that service from Automatic to Disabled; start Task Manager (thereby stopping the miner); set NTFS permissions on the `C:\Windows\winsxslog` folder that deny everyone access to it; and reboot the server.
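The checks and steps above can be scripted for triage across several servers. The script below is an added example, not part of the original post; reading "of the form DCFOWBCA" as exactly eight uppercase letters and the `-Remediate` switch are assumptions made for this example.

```powershell
# Added example: triage for the indicators described in this post.
# Uses Get-WmiObject so it also runs on the PowerShell 2.0 that ships with
# Windows 7 / Server 2008 R2. Run from an elevated prompt.
param([switch]$Remediate)   # hypothetical switch: apply the post's steps

# Indicator 1: the folder named in the post.
$folder      = Join-Path $env:windir 'winsxslog'
$folderFound = Test-Path $folder

# Indicator 2: a service with no description and a random-looking name.
# Assumption: "of the form DCFOWBCA" means exactly 8 uppercase letters.
$namePattern = '^[A-Z]{8}$'
$suspects = @(Get-WmiObject -Class Win32_Service | Where-Object {
    $_.Name -cmatch $namePattern -and
    [string]::IsNullOrEmpty(("" + $_.Description).Trim())
})

if ($folderFound) { Write-Output "FOUND folder: $folder" }
foreach ($svc in $suspects) {
    Write-Output ("SUSPECT service: {0}  start={1}  state={2}  path={3}" -f `
        $svc.Name, $svc.StartMode, $svc.State, $svc.PathName)
}
if (-not $folderFound -and $suspects.Count -eq 0) {
    Write-Output 'No indicators from the post were found.'
}

# Review the list above before remediating: a legitimate service could
# also match the name pattern and lack a description.
if ($Remediate) {
    foreach ($svc in $suspects) {
        # Post, step 1: startup type Automatic -> Disabled.
        Set-Service -Name $svc.Name -StartupType Disabled
    }
    # Post, step 2: starting Task Manager makes the miner unload.
    Start-Process taskmgr.exe
    if ($folderFound) {
        # Post, step 3: deny everyone access to the folder.
        # *S-1-1-0 is the well-known SID for Everyone (locale independent).
        & icacls.exe $folder /deny '*S-1-1-0:(OI)(CI)F' | Out-Null
    }
    # Post, step 4: the reboot is left to the operator.
    Write-Output 'Remediation applied. Reboot the server to finish.'
}
```

Run it without arguments first to list findings, and record each suspect service's `PathName` before disabling anything, since the executable name is different on every machine.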
