Login:
Password:
Lost Password?
Print this article  |  E-mail this article  |  Comment on this article

Exploit Code Surfaces for Two MS Flaws

By Ed Oswald, BetaNews

July 25, 2006, 5:07 PM

Security companies warned of two new exploits released for separate vulnerabilities that were patched by Microsoft earlier this month. Both the French Security Incident Response Team and Symantec warned of the issues in separate advisories on Monday.

The first deals with an issue in Windows DHCP client, with successful use of the exploit resulting in a potential system takeover risk. The second takes advantage of a hole in a Windows component known as "mailslot," however the exploit code may take advantage of a new variant, requiring Microsoft to update the patch.

Microsoft is researching the second flaw and said it may issue a updated patch if needed. However, in both cases, the Redmond company has not received any reports of attackers using the exploits to launch attacks. In any case, security experts advised taking the necessary precautions.

"Implement multiple redundant layers of security," Symantec said of the mailslot flaw. It also advised setting up systems that could detect possible malicious activity on the network. The security firm repeated the recommendations for the DHCP vulnerability.

For the July patches, a good deal of exploit code is widely available on the Internet, making it all the more important to ensure all patches are applied. Attacks using exploit code for two of the vulnerabilities was already in use prior to July's Patch Tuesday, and code for a new vulnerability within PowerPoint has since surfaced.

That flaw will be fixed August 8 as part of next month's Patch Tuesday.

Add a Comment (12 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By terminalx

posted Jul 26, 2006 - 11:37 AM

has it affected me...no...even the invincible osx needs updates, and a new os every year or so...I really hate the microsoft flaming...yes we all know it has its faults but they are warning everyone its not like they are hiding it...and a os is only as good as its user...

Score: 0

By GCoder

edited Jul 26, 2006 - 7:10 PM

Yay! Another exploit for Windows.

Do you PC users get tired of this crap? Or do you just get used to it like "petgamer"?

Anyone who is not stubborn and ignorant has switched to OSX.

EDIT: Looks like I made all the PC gayboys cry... AWWWWW LOL@losers

Score: 0

By crashoverride

posted Jul 26, 2006 - 5:00 PM

Correction....Anyone whos is not ignorant of how to properly operate their PC or just flat out lazy has switched to OSX.

Score: 0

By PC_Tool

edited Jul 26, 2006 - 12:48 PM

Anyone who is not stubborn and ignorant has switched to OSX.

Let me rephrase that properly for ya:

Anyone without enough brains to properly operate a PC would have switched to OSX by now if they had enough brains to properly operate a PC. Anyone with enough brains to operate a PC has made their own decision based on need and personal preference regardless of what certain fanboys may have you believe.

A tad longer, but based much closer to this thing called reality.

Score: 0

By Grazer

posted Jul 26, 2006 - 12:39 PM

Anyone who is too stubborn to learn about their OS and too ignorant to take proper precautions has switched to OSX.

There, fixed.

Score: 0

By _stevo

posted Jul 26, 2006 - 12:02 PM

You think because an exploit is around, that everyone is going to be effected and the world of windows will collapse in a day. The funny thing is more how many holes in OS X are just waiting to be found or published when people actually start to give a SHT about OS X.

Oh wait, they won't..

Score: 0

By xyzcb1

posted Jul 26, 2006 - 11:23 AM

so we should switch from a PC to a toy?

Score: 0

By ZenWarrior

posted Jul 26, 2006 - 10:07 AM

Turn DHCP off. It's not been set to run on my machines in a couple of years now.

If you're using a router, manually enter your desired IP address, nameservers, etc. in your network connections (wired or wireless). You can now turn DHCP off with not one hiccup. You can leave DNS running, if you wish, but it also is not absolutely necessary once you manually configure everything.

Score: 0

By cyris

edited Jul 26, 2006 - 10:44 AM

I agree 100% with ZenWarrior. This method of hardening should be applied to all services that are simply not needed.

Score: 0

By crashoverride

posted Jul 26, 2006 - 1:48 AM

Only 2 this week? Impressive.

Score: 0

By petgamer

posted Jul 25, 2006 - 7:51 PM

This isn't "News", it's just a weekly occurance for Microsoft it seems anymore... *yawn*

Score: 0

By IQ70

posted Jul 25, 2006 - 8:02 PM

Yeah like linux distros and OSX get patched just for fun.

Score: 0

Nov 21 - 6:51 PM ET Coalition urges better laws for e-mail and cell phone privacy

Nov 21 - 6:42 PM ET How is Internet advertising faring in this bad economy?

Nov 21 - 6:15 PM ET From out of the Amazon Cloud, an AWS winner emerges

Nov 21 - 5:20 PM ET Mufin music finder enters public beta, adds widgets

Nov 21 - 5:01 PM ET Google launches its SearchWiki semantics plug-in

Nov 21 - 4:57 PM ET Asus previews a slimmer, less costly Eee PC

Nov 21 - 4:32 PM ET New Adobe Media Player ushers in AIR 1.5

Nov 21 - 2:11 PM ET AT&T to add Pantech's low-cost C630 phone to 3G lineup

Nov 21 - 1:11 PM ET iPhone gets firmware 2.2 update

Nov 21 - 11:51 AM ET The Dell surprise: Higher earnings on lower revenue