TELECOM Digest OnLine - Sorted: Exploits Circulating for Unpatched Windows PCs


Exploits Circulating for Unpatched Windows PCs


Gwendolyn Mariano, Newsfactor (newsfactor@telecom-digest.orgz)
Mon, 19 Jun 2006 13:35:17 -0500

Gwendolyn Mariano, newsfactor.com

Although Microsoft released a string of patches to fix security flaws
in Windows and Microsoft Office last week, security experts are
warning of several "in-the-wild" exploits that are now targeting
unpatched systems.

In recent months, hackers have increased the speed at which they can
create malicious software that targets security flaws for which
patches have just been issued.

Whenever a patch is issued, it typically comes with an extensive
advisory that details the vulnerability and the effect the patch might
have on other software.

This information allows hackers to begin building exploits to target
systems whose users have not yet installed the latest updates.

System Compromise

Microsoft's set of patches, released last Tuesday, included 12
individual fixes to address 21 security vulnerabilities, many of them
rated critical. They addressed issues in Windows, Internet Explorer,
Word, PowerPoint, and Exchange Server.

"They range in severity from a denial-of-service attack to remote-code
execution that could lead to full system compromise," said Michael
Sutton, director of VeriSign's iDefense Labs.

Microsoft responded to the news of the in-the-wild exploits by saying
that it is aware of the code being published online and is actively
monitoring the situation to keep customers informed.

"Microsoft's investigation verified that the exploit code does not
affect users who have installed all June security updates on their
computers," said a Microsoft spokesperson.

Consumer Impact

"The vulnerabilities disclosed by Microsoft last week have a very
direct impact on consumers as the majority are client-side
vulnerabilities," Sutton said. "Client-side vulnerabilities tend to be
used in attack scenarios that target consumers, such as phishing scams
or identity theft."

Sutton advised consumers to apply patches immediately and be proactive
in their installation of security software -- such as firewall and
antivirus tools -- so that they will be protected when future
vulnerabilities emerge.

Copyright 2006 NewsFactor Network, Inc.

NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily. And, discuss this and other topics in our forum at
http://telecom-digest.org/forum (or)
http://telecom-digest.org/chat/index.html

For more tech news, please go to:
http://telecom-digest.org/td-extra/technews.html

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: telecomdirect_daily: "TelecomDirect News Daily Update - June 19, 2006"
Go to Previous message: Jeffrey Gold: "Verizon Accuses Vonage of Infringment"
TELECOM Digest: Home Page