Exploit code targets Microsoft flaws


Exploit code targets Microsoft flaws

Bill Brenner, Senior News Writer

Organizations large and small should deploy Microsoft's June security patches without delay because experts say a variety of exploits are already targeting the flaws.


Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

released 13 security bulletins Tuesday, the biggest monthly patch rollout since February 2005, when the software giant released 12 security bulletins. Eight of this month's updates are critical and address vulnerabilities in Windows, Internet Explorer, Exchange, Media Player, PowerPoint and Word.

According to various security firms and published media reports, at least two pieces of exploit code target security holes Microsoft brought to light on Tuesday. Most of the other exploits involve flaws that the information security community had already been aware of, which were fixed in Tuesday's patch update.

Johannes Ullrich, chief research officer of the Bethesda, Md.-based SANS Internet Storm Center (ISC), outlined some of the exploits on the organization's Web site.

One proof-of-concept exploit, released by a penetration testing vendor to customers, targets a flaw outlined in Microsoft's MS06-024 bulletin. It fixes a critical remote code execution hole in Windows Media Player versions 9 and 10 involving how the program processes Portable Network Graphics (.png) images.

A second proof-of-concept exploit, also released by a penetration testing vendor to customers, targets flaws outlined in MS06-025, which fixes a pair of critical remote code-execution flaws affecting versions of Windows 2000, XP and Server 2003.

Vulnerability researchers typically distribute proof-of-concept exploit code so customers can write rules for intrusion defense systems (IDS) and vulnerability scanners, enabling them to detect new attacks. The code is also used for academic research. Microsoft has frowned on the practice, saying conceptual exploits can be tweaked for malicious purposes.

Another exploit, available prior to Tuesday's patch release, targets the widely publicized zero-day vulnerability in Word. The vendor's word-processing program is subject to what Microsoft calls a critical malformed object pointer execution flaw that could enable remote code execution via a specially crafted Word file. The flaw is addressed in MS06-027.

Additional exploits target privilege escalation and denial-of-service vulnerabilities in Windows Server Message Block that were addressed in MS06-030.

Additional denial-of-service exploits target a "moderate" Windows mutual authentication flaw in RPC that affects Windows 2000 SP4. This was addressed in MS06-032.

Microsoft had already warned customers to quickly patch three issues it said that attackers could easily exploit using Internet Explorer. They are outlined in MS06-021, MS06-022 and MS06-023.