Exploit Code Out for Patched MS Flaws

Exploit code has surfaced on the Web for some of the 21 issues fixed by Microsoft in its Tuesday update. But Microsoft said that so far it was unaware of any new attacks attempting to use the available code.

At least two of the flaws disclosed had not been made public before the Patch Tuesday announcement, and security firms found the code publicly available on Wednesday. Microsoft noted that this is why it does not detail information about its security updates before they are released.

The SANS Internet Storm Center reported finding exploit code available for the Windows Media Player and Routing and Remote Access flaws, as well as exploits for the IP source routing and Windows Server Message Block vulnerabilities.

Additionally, proof-of-concept code for the AOL ART binary issue within Windows had been created by the Verisign iDefense team.

Microsoft always recommends applying all security patches as soon as possible to prevent attackers from exploiting the vulnerabilities after they are disclosed.

The Redmond company released eight "critical" patches on Tuesday as part of its monthly patch program. Four other patches rounded out the list of updates, with three patches rated "important" and one rated "moderate."

Of the eight most serious fixes, two affected Internet Explorer, one for JScript within Internet Explorer, one in Windows Media Player, two in Windows, one in Word, and another in PowerPoint.