Attack code comes on heels of Microsoft patches

By Greg Sandoval
Staff Writer, CNET News

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
- Google
- Newsvine
- Yahoo! Bookmarks
- Twitter
- Stumbleupon
E-mail
Print

Related Stories: Microsoft plugs 21 security holes
June 13, 2006; No fix for 'critical' hole in Windows 98, ME
June 9, 2006; Bumper crop of Microsoft patches on the way
June 8, 2006

Just a day after Microsoft released patches for vulnerabilities in some of its software, code designed to take advantage of those weaknesses appeared on the Internet.

Most of the patches that Microsoft issued were for flaws that were widely known. But at least two flaws were made public for the first time on Tuesday as part of the company's monthly security update.

Security firms reported finding the code on Wednesday. The exploit code for previously unknown flaws means hackers could use the code to pounce on computer systems with managers who are slow to apply patches.

"Microsoft is aware that detailed exploit code was published on the Internet for some of the vulnerabilities," the software maker said in a statement. "With the exception of MS06-027 (the Word malware that began circulating last month), Microsoft is not currently aware of any active attacks utilizing this exploit code...the exploit code does not affect users who have installed all June security updates."

In all, Microsoft issued patches for 21 flaws in its security update, saying all but two of them could let an intruder run malicious code on a compromised computer.

Some of the exploits that appear on the Web are for "critical" flaws in Windows Media Player and for "routing and remote access." The SANS Internet Storm Center reported that two exploits were for the "routing and remote access."

VeriSign's iDefense team also announced that it had developed a "proof of concept" exploit code for a security hole in the ".art" file, a file type used often for AOL services and Web sites, according to iDefense.

See more CNET content tagged:
patch management, iDefense, security update, code, flaw

Add a Comment (Log in or register) 4 comments

interesting
by thedreaming June 15, 2006 6:35 AM PDT: Microsoft puts out security patches and almost overnight, we get the first attacks using those same patched security gaps.

<CONSPIRACY>
Did Microsoft find out about the expoit code from the wild and create patches for them so that when the attacks began they would be stopped before they began or did they manufacture the whole thing, the exploits, the patches, the media stories?
</CONSPIRACY>

OOPPS! Sorry about that, went into conspiracy mode again.; Reply to this comment View reply
Processing

interesting
by thedreaming June 15, 2006 6:35 AM PDT: Microsoft puts out security patches and almost overnight, we get the first attacks using those same patched security gaps.

<CONSPIRACY>
Did Microsoft find out about the expoit code from the wild and create patches for them so that when the attacks began they would be stopped before they began or did they manufacture the whole thing, the exploits, the patches, the media stories?
</CONSPIRACY>

OOPPS! Sorry about that, went into conspiracy mode again.; Reply to this comment View reply
Processing

Latest tech news headlines

IBM invests in business partners' training
Posted in News - Business Tech by Colin Barker

October 11, 2008 5:01 PM PDT
Navy charters kite-powered cargo ship to deliver equipment
Posted in Military Tech by Mark Rutherford

October 11, 2008 11:03 AM PDT
FCC report negates free Internet interference claims
Posted in News - Wireless by Michelle Meyers

October 11, 2008 10:41 AM PDT
See all headlines

Resource center from News.com sponsors

You Need The Speed of Norton 2009

Introducing Norton Internet Security™2009

With one-click, one-minute install, under 8MB of memory usage and fewer, shorter scans, it's the fastest security suite anywhere. Norton. Smart Security, Engineered for Speed. Get a FREE trial today!

The Fastest Security Suite Anywhere

Experience the revolutionary Norton Internet Security™ 2009. With Norton™ Insight, a new feature, you get precision security that targets only at risk files for fewer, faster, shorter scans

Win a Trip to Space!*

Enter the Blast Off with Norton Sweepstakes for your shot at a trip to space. You could experience being fast and weightless, just like the new Norton 2009. *No purchase necessary; click for full details.

FREE Trial!

Act now to get your FREE trial of Norton Internet Security 2009. Try it for the protection. Love it for the speed

Norton Safe Web NEW!

A community-based system that rates web site safety

Norton Labs NEW!

Users can download new security technologies and share input directly with developers. Help us shape our future products!

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

News - Business Tech
IBM invests in business partners' training
A business development fund aims to encourage its largest partners to take up more skills training around data centers.
Gallery
Photos: Top 10 reviews of the week
Military Tech
Navy charters kite-powered cargo ship to deliver equipment
The use of this new breed of sailing ship could reduce fuel costs by 20 to 30 percent, according to the ship's owners.
Coop's Corner
Ellison's mantra: Spend, baby, spend
It may be hell out there, but Oracle's chief tells shareholders the company still intends to shop for more acquisitions.
Video
Sprint launches Xohm WiMax
News - Wireless
FCC report negates free Internet interference claims
Report from commission engineers boosts plan to auction spectrum for free wireless Internet by dismissing concerns it would interfere with existing providers' signals.
Video
Talking with Newt Gingrich on tech, bailout
News - Politics and Law
President signs broadband data collection bill
The Broadband Data Act encourages wider collection of information regarding nationwide access to broadband.
News - Cutting Edge
Academics sink teeth into Yahoo search service
Yahoo hopes its Build Your Own Search Service program has piqued the interest of academic researchers. Next stop: start-ups.
Gallery
Photos: Cracking open Apple's revamped iPod Nano
Crossfade
Crooked Fingers, 'Phony Revolutions': Free MP3 of the Day
Download a free MP3 of "Phony Revolutions" courtesy of CNET Download Music.
Green Tech
Urban wind power inspired by ancient Persia
The shape of urban wind power continues to morph. The latest twist come from Windation, a company with a design inspired by centuries-old "wind catchers."