Exploits for Microsoft flaws circulating

Security firms are warning about the availability of attack code targeting some of the flaws for which Microsoft released patches Tuesday.

Most of the exploits target flaws that were previously known but for which patches became available only as part of Microsoft's June monthly security update. But at least two publicly available exploits are directed at newly disclosed flaws in the company's products.

"Exploit code had already existed for three of the vulnerabilities prior to Tuesday, as they were already public issues," said Michael Sutton, director of VeriSign's iDefense Labs. "Beyond that, we're seeing public exploit code emerge for some of the new vulnerabilities and are hearing rumors of private code existing for others."

The availability of such exploits heightens the risk for companies that have not yet been able to patch their systems and are important factors to consider when deciding which systems to patch first, he said.

"We believe that it is far more beneficial to withhold proof-of-concept code for an amount of time so that customers can get the vulnerabilities patched," said Stephen Toulouse, security program manager at Microsoft's security response center. "The public broadcasting of code so quickly after a bulletin release, we believe, tends to help attackers."

Microsoft is telling its cusomers to pay special attention to three key updates -- MS06-021, MS06-022 and MS06-023 -- because they could be particularly easy to exploit using Internet Explorer. "There are methods by which if you just browse to a Web site, there could be code execution," Toulouse said.

According to iDefense, some form of exploit code is publicly available against the cross-domain information disclosure vulnerability described in bulletins MS06-021, the address bar spoofing flaw in MS06-021 and the Word malformed object pointer vulnerability described in MS06-027.

All three were previously known flaws and were given a severity rating of "critical" by Microsoft.

In addition, exploits have also become publicly available for both of the newly disclosed server message block vulnerabilities in MS06-030, according to iDefense.

The SANS Internet Storm Center this morning posted a note also listing exploits released by penetration-testing vendors to customers. One of the exploits was directed against the Windows Media Player flaw in MS06-024, while the other was targeted at the routing and remote-access vulnerability in MS06-025.

Denial-of-service attack codes are also privately available for a TCP/IP flaw in MS06-032, according to SANS.

Outside of the Word malware, which began circulating last month, Microsoft has not yet seen any of these exploits used by attackers, Toulouse said.

The availability of exploit code once again shows that there is no longer any "patching window" for companies, said Johannes Ullrich, chief research officer at the Internet Storm Center.

"Companies don't have the luxury of sitting back and waiting," Ullrich said. "They have to expect that public exploits will become available the day after vulnerabilities are disclosed, and they have to expedite the patching process," despite the challenges involved, he said.

Robert McMillan of the IDG News service contributed to this report.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jaikumar Vijayan

Show Comments

Father’s Day Gift Guide

Brand Post

Bitdefender 2019

Bitdefender solutions stop attacks before they even begin! Get cybersecurity that 500 MILLION users already have and trust.

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?