Arrival of Exploit Code and Subsequent Patch for Microsoft OS
'Proof of concept' exploit code has begun to appear on the Internet. It provides detailed instructions for launching attacks on wormable holes in Microsoft Windows. Security experts are therefore issuing "patch now or else" warnings to computer operators.
'Microsoft Security Bulletin MS06-070' addressed the flaw, a remotely exploitable 'buffer overrun'. The flaw enables attackers to gain complete access to compromised systems. The attackers can create new user accounts, run programs, and alter or remove data. Security analysts have rated the flaw the 'most serious' of the seven "critical" flaws that Microsoft has detected in November 2006.
The code exploits a security hole in a key element of Microsoft's operating system: the "Workstation Service", which routes file system and print requests. An anonymous attacker can exploit the flaw over the Net on systems that run Windows 2000, without any interaction from the user. This raises the chance that a 'Zotob-like' worm will emerge.
According to an e-mailed statement from Microsoft, the company is aware of exploit code with step-by-step instructions that has been released on the Net and claims to use the Workstation Service flaw addressed by MS06-070. Security engineers at the 'Microsoft Security Response Center' are investigating the accuracy of this claim. The company said it would issue an advisory as soon as possible. The company emphasized that the flaw is critical only on Windows 2000.
After Microsoft released the patch for this flaw in its monthly batch of security patches at the beginning of this week, security vendors warned of its critical nature. They said it was the most critical of all the November updates and could be exploited by a self-mutating worm.
According to Marc Maiffret, chief technology officer at 'eEye Digital Security', this flaw is the 'most critical' one to fix on systems running Windows 2000, and it is made more urgent by the presence of a live, working exploit on the Net.
Amol Sarwate, manager of the 'vulnerability research lab' at Qualys in Redwood Shores, California, strongly recommends that enterprises using Windows 2000 examine and install the 'MS06-070' patch.
» SPAMfighter News - 23-11-2006