June 26, 2006 11:10 PM PDT

Attack code for Windows flaw heightens risk

Computer code that exploits a "critical" vulnerability in Windows has been released on the Internet, prompting Microsoft to issue a security advisory.

The attack code takes advantage of a flawed Windows routing and remote access component for which Microsoft released a patch two weeks ago, the company said in its advisory published late Friday. The company is not aware of any actual cyberattacks that use the malicious code, it said.

"An attacker who successfully exploited this vulnerability could take complete control of the affected system," Microsoft said.

Microsoft urged people to apply the fix delivered with security bulletin MS06-025, which will remove the vulnerability. "We have confirmed that the exploit code does not affect users who have installed the update," the software maker said.

However, the MS06-025 fix can interfere with a certain dial-up networking connections, Microsoft said last week. The company advised people who use dial-up scripting or terminal window features to not install the security update while it works on a revised patch. That revision is still in the works, a Microsoft representative said Monday.

The MS06-025 update was one of a dozen security bulletins that Microsoft released two weeks ago. At least one patch came after the vulnerability it addressed had already been exploited in a cyberattack. Exploits for some other flaws have also been published, further increasing the urgency to patch.

See more CNET content tagged:
cyberattack, vulnerability, Microsoft Corp., security, Microsoft Windows

1 comment

Join the conversation!
Add your comment
This would be funny if
it wasn't so sad.
Posted by Macsaresafer (802 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.