RSSExploit Code Surfaces for Two MS Flaws
By Ed Oswald | Published July 25, 2006, 5:07 PM
Security companies warned of two new exploits released for separate vulnerabilities that were patched by Microsoft earlier this month. Both the French Security Incident Response Team and Symantec warned of the issues in separate advisories on Monday.
The first deals with an issue in Windows DHCP client, with successful use of the exploit resulting in a potential system takeover risk. The second takes advantage of a hole in a Windows component known as "mailslot," however the exploit code may take advantage of a new variant, requiring Microsoft to update the patch.
Microsoft is researching the second flaw and said it may issue a updated patch if needed. However, in both cases, the Redmond company has not received any reports of attackers using the exploits to launch attacks. In any case, security experts advised taking the necessary precautions.
"Implement multiple redundant layers of security," Symantec said of the mailslot flaw. It also advised setting up systems that could detect possible malicious activity on the network. The security firm repeated the recommendations for the DHCP vulnerability.
For the July patches, a good deal of exploit code is widely available on the Internet, making it all the more important to ensure all patches are applied. Attacks using exploit code for two of the vulnerabilities was already in use prior to July's Patch Tuesday, and code for a new vulnerability within PowerPoint has since surfaced.
That flaw will be fixed August 8 as part of next month's Patch Tuesday.
has it affected me...no...even the invincible osx needs updates, and a new os every year or so...I really hate the microsoft flaming...yes we all know it has its faults but they are warning everyone its not like they are hiding it...and a os is only as good as its user...
Score: 0
|Yay! Another exploit for Windows.
Do you PC users get tired of this crap? Or do you just get used to it like "petgamer"?
Anyone who is not stubborn and ignorant has switched to OSX.
EDIT: Looks like I made all the PC gayboys cry... AWWWWW LOL@losers
Score: 0
|so we should switch from a PC to a toy?
Score: 0
|You think because an exploit is around, that everyone is going to be effected and the world of windows will collapse in a day. The funny thing is more how many holes in OS X are just waiting to be found or published when people actually start to give a SHT about OS X.
Oh wait, they won't..
Score: 0
|Anyone who is too stubborn to learn about their OS and too ignorant to take proper precautions has switched to OSX.
There, fixed.
Score: 0
|Anyone who is not stubborn and ignorant has switched to OSX.
Let me rephrase that properly for ya:
Anyone without enough brains to properly operate a PC would have switched to OSX by now if they had enough brains to properly operate a PC. Anyone with enough brains to operate a PC has made their own decision based on need and personal preference regardless of what certain fanboys may have you believe.
A tad longer, but based much closer to this thing called reality.
Score: 0
|Correction....Anyone whos is not ignorant of how to properly operate their PC or just flat out lazy has switched to OSX.
Score: 0
|Turn DHCP off. It's not been set to run on my machines in a couple of years now.
If you're using a router, manually enter your desired IP address, nameservers, etc. in your network connections (wired or wireless). You can now turn DHCP off with not one hiccup. You can leave DNS running, if you wish, but it also is not absolutely necessary once you manually configure everything.
Score: 0
|I agree 100% with ZenWarrior. This method of hardening should be applied to all services that are simply not needed.
Score: 0
|Only 2 this week? Impressive.
Score: 0
|This isn't "News", it's just a weekly occurance for Microsoft it seems anymore... *yawn*
Score: 0
|Yeah like linux distros and OSX get patched just for fun.
Score: 0
|