Patch/Configuration Management, Vulnerability Management

New Microsoft flaw exploits in the wild


A number of exploits for disclosed vulnerabilities Microsoft vulnerabilities were reported to be in the wild just hours after the company's Patch Tuesday release.

By Wednesday afternoon, a handful of exploits were already in use, according to Johannes Ullrich of the SANS Internet Storm Center.

Ullrich reported that exploits for both MS06-24, a patch for a Windows Media Player flaw, and MS06-025, a routing and remote access service (RRAS) patch, were both released by a penetration testing vendor to customers.

An exploit for a flaw in Microsoft Word that allows remote code execution was available before the release of the patch, according to SANS, while two exploits for a SMB privilege escalation flaw were also released to the public.

DoS exploits for an IP source routing exploit were also released, according to SANS.

Microsoft released 12 patches for 21 flaws on Tuesday, its largest bulletin release in more than a year. Eight of the patches were deemed critical by Microsoft.

The Redmond, Wash., computing company also released three bulletins it called "important," and one patch for a "moderate" flaw.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.