Exploits Fish for Unpatched PCs Two New Exploits Target Core Windows Components Ed Sutherland
Security vendor Symantec (Quote, Chart) alerted customers to two exploits using already-patched vulnerabilities.
The exploits target two core Windows components, according to Dave Cole, Director of Symantec's Security Response.
Although Microsoft (Quote, Chart) patches released July 11 easily foil both the DHCP and "mailslot" exploits, writers of the attack code know "a lot of people take their sweet time patching their system," according to Cole.
The first exploit uses a "critical" vulnerability in the Windows DHCP client that enables consumers to easily go online.
The malicious code could allow attackers to seize control of unpatched systems, Cole said.
Applying the patch found in the MS06-36 security bulletin resolves the potential risk.
Using a known vulnerability in the Windows core messenger service, the mailslot proof-of-concept exploit is currently limited to denial-of-service.
However, the modest attack could be revised to include more damage, warned Cole.
Like the DHCP exploit, systems that applied the earlier Microsoft patches are safe.
Why do authors of exploits bother with vulnerabilities already corrected?
Even after patches are released, attackers "cast out the tuna nets" seeking unpatched systems, said the security expert.
To cause damage, the trolling for victims needn't work every time, Cole said.
In a related update, Microsoft unveiled a toolkit allowing companies to block automatic delivery of Internet Explorer 7 as a high-priority update via Automatic Updates for XP and Windows Server 2003.
The final version of IE 7 is expected during the fourth quarter of 2006, according to Microsoft.
The software company also released an update to the beta version of its Internet
Explorer 7.
The update resolves problems IE 7 beta 3 users encountered with the Yahoo toolbar, according to Microsoft.
