Exploits Aplenty for Patch Tuesday Bugs

By Ryan Naraine  |  Posted 2006-06-14 Email Print this article Print

Less than 24 hours after Microsoft shipped patches for 21 serious software vulnerabilities, researchers have created and published proof-of-concept code.

Less than 24 hours after the release of patches for 21 product vulnerabilities, proof-of-concept exploits are popping up on the Internet.

According to the SANS ISC (Internet Storm Center), a group of volunteers who track malicious Web activity, there are at least five publicly available exploits for flaws patched in June's Patch Tuesday—including one for the MS06-027, the bulletin that covers a critical Microsoft Word code execution bug.

The Microsoft Word vulnerability has already been used in attacks against specific business targets, and the exploit signals that the window between the release of patches and the creation of exploits has narrowed considerably.

The Word exploit was released by vulnerability researchers at Immunity, a Miami-based penetration testing company.

Immunity's Word exploit was created after the first round of zero-day attacks and released IDS (intrusion detection companies) and larger penetrating testing firms as part of a partner program.

In early June 2006, the company updated its CANVAS product to include modules that exploited the Word bug.

CANVAS is a platform that hosts hundreds of exploits, automated exploitation systems and an exploit framework for penetration testers and security professionals worldwide.

On June 13, just hours after Microsoft's patches were shipped, Immunity released proof-of-concepts and CANVAS modules for the MS06-024 and MS06-025 bugs.

Those patches cover "critical," remote code execution flaws in the ubiquitous Windows Media Player and the RRAS (Routing and Remote Access Service) used in Windows.

Over at Milw0rm, a Web site that publishes exploits submitted by security researchers around the world, there are two separate proof-of-concepts for MS06-030, the bulletin that addresses a pair of flaws in Microsoft's implementation of the SMB (Server Message Block) protocol.

The SMB protocol is used in Windows to share files, printers, serial ports, and also to communicate between computers.

The release of exploit code—before or after patches are available—is a controversial practice that is frowned upon by Microsoft.

Read the full story on eWEEK.com: Exploits Aplenty for Patch Tuesday Bugs


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters