Exploit code targets Microsoft flaws

By Bill Brenner, Senior News Writer 15 Jun 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Organizations large and small should deploy Microsoft's June security patches without delay because experts say a variety of exploits are already targeting the flaws.

Microsoft released 13 security bulletins Tuesday, the biggest monthly patch rollout since February 2005, when the software giant released 12 security bulletins. Eight of this month's updates are critical and address vulnerabilities in Windows, Internet Explorer, Exchange, Media Player, PowerPoint and Word.

According to various security firms and published media reports, at least two pieces of exploit code target security holes Microsoft brought to light on Tuesday. Most of the other exploits involve flaws that the information security community had already been aware of, which were fixed in Tuesday's patch update.

Security Wire Weekly For more from SANS' Johannes Ullrich, including his analysis of the June Microsoft patches and why he thinks the state of information security is as troubled as ever, download our Security Wire Weekly podcast.

Johannes Ullrich, chief research officer of the Bethesda, Md.-based SANS Internet Storm Center (ISC), outlined some of the exploits on the organization's Web site.

One proof-of-concept exploit, released by a penetration testing vendor to customers, targets a flaw outlined in Microsoft's MS06-024 bulletin. It fixes a critical remote code execution hole in Windows Media Player versions 9 and 10 involving how the program processes Portable Network Graphics (.png) images.

A second proof-of-concept exploit, also released by a penetration testing vendor to customers, targets flaws outlined in MS06-025, which fixes a pair of critical remote code-execution flaws affecting versions of Windows 2000, XP and Server 2003.

Vulnerability researchers typically distribute proof-of-concept exploit code so customers can write rules for intrusion defense systems (IDS) and vulnerability scanners, enabling them to detect new attacks. The code is also used for academic research. Microsoft has frowned on the practice, saying conceptual exploits can be tweaked for malicious purposes.

Another exploit, available prior to Tuesday's patch release, targets the widely publicized zero-day vulnerability in Word. The vendor's word-processing program is subject to what Microsoft calls a critical malformed object pointer execution flaw that could enable remote code execution via a specially crafted Word file. The flaw is addressed in MS06-027.

Additional exploits target privilege escalation and denial-of-service vulnerabilities in Windows Server Message Block that were addressed in MS06-030.

Additional denial-of-service exploits target a "moderate" Windows mutual authentication flaw in RPC that affects Windows 2000 SP4. This was addressed in MS06-032.

Microsoft had already warned customers to quickly patch three issues it said that attackers could easily exploit using Internet Explorer. They are outlined in MS06-021, MS06-022 and MS06-023.

Tags: Malware, Viruses, Trojans and Spyware,  Security Patch Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Malware, Viruses, Trojans and Spyware ISP shutdown latest cat-and-mouse game with hackers How to get rid of malware, botnets on a hospital IT network How can search results lead to malware? Should a national cybersecurity strategy include offensive botnets? How to prevent mobile phone spying How to defend against rogue DHCP server malware New Trojan stealing FTP credentials, attacking FTP websites Cybercriminals exploit Michael Jackson, Farrah Fawcett deaths When BIOS updates become malware attacks Antispyware buying guide for Indian enterprises Security Patch Management Adobe patches ColdFusion vulnerability blocking website attack Microsoft to address DirectShow, ActiveX zero-day flaws Adobe fixes critical Shockwave Flash Player flaw Mozilla patches 11 Firefox security flaws, JavaScript errors Microsoft patches WebDAV security vulnerability in bevy of updates Adobe issues first quarterly patch release fixing 13 flaws Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities Adobe shifts to Microsoft patching process, incident response plan Software delivery could fix software patching issues Microsoft updates Office to address serious PowerPoint vulnerabilities

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) directory traversal  (SearchSecurity.com) government Trojan  (SearchSecurity.com) Kraken  (SearchSecurity.com) man in the browser  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) RavMonE virus  (SearchSecurity.com) RFID virus  (SearchSecurity.com) Rock Phish  (SearchSecurity.com) Zotob  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary