[ISN] Attack code puts Windows PCs at risk

From: InfoSec News (alerts@private)
Date: Tue Jul 25 2006 - 22:28:49 PDT


By Joris Evers
Staff Writer, CNET News.com
July 25, 2006

Two new pieces of computer code that could spawn attacks on Microsoft
Windows PCs have been released onto the Internet, security companies
have warned.

The first exploit code takes advantage of a "critical" flaw in the
Windows Dynamic Host Configuration Protocol, or DHCP, client,
according to a customer alert sent out by the French Security Incident
Response Team on Monday. Microsoft released a fix on July 11 for the
problem, Symantec said in its own advisory for subscribers.

An attacker could gain full control over an unpatched Windows computer
using the exploit, Symantec said.

Microsoft tackled the problem in security bulletin MS06-036, and
people who have applied that update are protected, a representative
for the software maker said.

The second, proof-of-concept code targets a security hole in a Windows
component called "mailslot," which Microsoft patched in bulletin
MS06-035, Symantec and FRSIRT said. However, Microsoft said it
believes the code takes advantage of a new flaw.

"Proof-of-concept code was published on the Internet for a variant of
the vulnerabilities addressed by Microsoft security update MS06-035,"  
the representative for the software maker said. The company is
monitoring this situation and may issue another patch, to fix the
variant, the representative said.

Security experts pointed to the "mailslot" vulnerability as the most
risky in Microsoft's July patch bunch. It could be used to spread a
worm, they warned. However, the proof-of-concept code released over
the weekend does not have as severe an effect; all it can do is crash
a computer, Symantec said.

Microsoft said it is not aware of any actual attacks that use either
of the two exploit code samples, the representative said.

The company issued seven security bulletins with fixes for 18 flaws
earlier this month. At least two of the vulnerabilities were already
being exploited in attacks prior to the patches being released,
security company iDefense has said. Also, soon after the monthly Patch
Tuesday bulletins were released, miscreants launched attacks that
exploit a new PowerPoint flaw.

Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.

This archive was generated by hypermail 2.1.3 : Tue Jul 25 2006 - 22:32:08 PDT