Exploit code targets Microsoft flaws

By Bill Brenner, Senior News Writer
15 Jun 2006 | SearchSecurity.com


Organizations large and small should deploy Microsoft's June security patches without delay because experts say a variety of exploits are already targeting the flaws.

Microsoft released 13 security bulletins Tuesday, the biggest monthly patch rollout since February 2005, when the software giant released 12 security bulletins. Eight of this month's updates are critical and address vulnerabilities in Windows, Internet Explorer, Exchange, Media Player, PowerPoint and Word.

According to various security firms and published media reports, at least two pieces of exploit code target security holes Microsoft brought to light on Tuesday. Most of the other exploits involve flaws that the information security community had already been aware of, which were fixed in Tuesday's patch update.

Johannes Ullrich, chief research officer of the Bethesda, Md.-based SANS Internet Storm Center (ISC), outlined some of the exploits on the organization's Web site.

One proof-of-concept exploit, released by a penetration testing vendor to customers, targets a flaw outlined in Microsoft's MS06-024 bulletin. That bulletin fixes a critical remote code execution hole in Windows Media Player versions 9 and 10 involving how the program processes Portable Network Graphics (.png) images.

A second proof-of-concept exploit, also released by a penetration testing vendor to customers, targets flaws outlined in MS06-025, which fixes a pair of critical remote code-execution flaws affecting versions of Windows 2000, XP and Server 2003.

Vulnerability researchers typically distribute proof-of-concept exploit code so customers can write rules for intrusion defense systems (IDS) and vulnerability scanners, enabling them to detect new attacks. The code is also used for academic research. Microsoft has frowned on the practice, saying conceptual exploits can be tweaked for malicious purposes.

Another exploit, available prior to Tuesday's patch release, targets the widely publicized zero-day vulnerability in Word. The vendor's word-processing program is subject to what Microsoft calls a critical malformed object pointer execution flaw that could enable remote code execution via a specially crafted Word file. The flaw is addressed in MS06-027.

Additional exploits target privilege escalation and denial-of-service vulnerabilities in Windows Server Message Block that were addressed in MS06-030.

Additional denial-of-service exploits target a "moderate" Windows mutual authentication flaw in RPC that affects Windows 2000 SP4. This was addressed in MS06-032.

Microsoft had already warned customers to quickly patch three issues that it said attackers could easily exploit using Internet Explorer. They are outlined in MS06-021, MS06-022 and MS06-023.
