Fears of new Windows exploit grow

17/09/2003 Written by Sam Varghese, The Age Australia

Fears are grow­ing that vul­ner­a­bil­i­ties detailed by Microsoft on Sep­tem­ber 4 may be exploited soon, after a research com­pany pub­lished a paper pro­vid­ing guid­ance on how these could be exploited.

There are three vul­ner­a­bil­i­ties detailed in the advi­sory, two that could allow arbi­trary code exe­cu­tion and one that could result in a denial of service.A post­ing to the Full-​Disclosure mail­ing list said an expoit for the DoS was avail­able in the wild.

The research paper was put out by Dave Aitel of Immu­nity Corp and is in two parts (Part I and Part II).

The Microsoft Prod­uct Sup­port Ser­vices team, in a post­ing to the Full-​Discloure mail­ing list, said that while it had no reports of actual exploit code being pub­licly avail­able or being used actively in a worm or virus, it urged cus­tomers who were vul­ner­a­ble to patch their sys­tems imme­di­ately.

“Cus­tomers who have not deployed the patch or taken addi­tional mit­i­gat­ing actions to pro­tect their envi­ron­ment should be aware that the exis­tence of sam­ple code does make it eas­ier for an active exploit to be devel­oped,” the post­ing said.

Share this content: