News Stay informed about the latest enterprise technology news and product updates.

Exploit code targets Microsoft flaws

At least two new potential threats are on the loose less than a day after Microsoft's June patch rollout. Security experts warn IT shops to patch immediately.

Organizations large and small should deploy Microsoft's June security patches without delay because experts say a variety of exploits are already targeting the flaws.

Microsoft released 13 security bulletins Tuesday, the biggest monthly patch rollout since February 2005, when the software giant released 12 security bulletins. Eight of this month's updates are critical and address vulnerabilities in Windows, Internet Explorer, Exchange, Media Player, PowerPoint and Word.

According to various security firms and published media reports, at least two pieces of exploit code target security holes Microsoft brought to light on Tuesday. Most of the other exploits involve flaws that the information security community had already been aware of, which were fixed in Tuesday's patch update.

Security Wire Weekly

For more from SANS' Johannes Ullrich, including his analysis of the June Microsoft patches and why he thinks the state of information security is as troubled as ever, download our Security Wire Weekly podcast.
Johannes Ullrich, chief research officer of the Bethesda, Md.-based SANS Internet Storm Center (ISC), outlined some of the exploits on the organization's Web site.

One proof-of-concept exploit, released by a penetration testing vendor to customers, targets a flaw outlined in Microsoft's MS06-024 bulletin. It fixes a critical remote code execution hole in Windows Media Player versions 9 and 10 involving how the program processes Portable Network Graphics (.png) images.

A second proof-of-concept exploit, also released by a penetration testing vendor to customers, targets flaws outlined in MS06-025, which fixes a pair of critical remote code-execution flaws affecting versions of Windows 2000, XP and Server 2003.

Vulnerability researchers typically distribute proof-of-concept exploit code so customers can write rules for intrusion defense systems (IDS) and vulnerability scanners, enabling them to detect new attacks. The code is also used for academic research. Microsoft has frowned on the practice, saying conceptual exploits can be tweaked for malicious purposes.

Another exploit, available prior to Tuesday's patch release, targets the widely publicized zero-day vulnerability in Word. The vendor's word-processing program is subject to what Microsoft calls a critical malformed object pointer execution flaw that could enable remote code execution via a specially crafted Word file. The flaw is addressed in MS06-027.

Additional exploits target privilege escalation and denial-of-service vulnerabilities in Windows Server Message Block that were addressed in MS06-030.

Additional denial-of-service exploits target a "moderate" Windows mutual authentication flaw in RPC that affects Windows 2000 SP4. This was addressed in MS06-032.

Microsoft had already warned customers to quickly patch three issues it said that attackers could easily exploit using Internet Explorer. They are outlined in MS06-021, MS06-022 and MS06-023.

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.