Exploit code posted for Exchange, MSN flaws

Jennifer Lawinski, News Writer

Exploit code is already circulating for three of the security holes patched by Microsoft last week in its monthly security bulletin release. Three "important" and five "critical" patches plugged 18 holes in Internet Explorer, Windows, MSN Messenger, Exchange Server and Office.

In Tuesday's release, the software company included two updated security fixes along with two non-security patches. The non-security patch will help administrators and users install security patches, according to a Microsoft spokesperson. The company released them simultaneously so that administrators could deploy the non-security updates with the security updates and reboot once.

"It was a good set of patches addressing a critical set of vulnerabilities," said Eric Schultze, chief security architect with Shavlik Technologies LLC, in Roseville, Minn. "It's important to get these patches installed because I expect there will be exploitations or worms circulating soon."

Exploit code for vulnerabilities in Exchange Server, MSN Messenger and message queuing was posted on the Internet, Schultze said.

Schultze identified the critical bulletins MS05-019, which fixes TCP/IP vulnerabilities, and MS05-020, the Internet Explorer patch, as top priorities while patching. The vulnerabilities can allow remote users to take over machines. Windows XP users can save themselves from hackers looking to exploit the TCP/IP vulnerabilities by turning on the XP personal firewall. "People won't be able to remotely attack you, but that's only for folks running Windows XP," Schultze said.

Brian Bartlett, systems engineer with patch management company Ecora Software Corp., in Portsmouth, N.H., said the TCP/IP vulnerability was most likely to affect Windows 2000 machines and others still running Windows XP SP1. Unlike the other vulnerabilities, which were privately reported, part of the TCP/IP flaw was discovered in the wild, Bartlett said.

Informing users can also help prevent an exploit. "What seems to be common in [the vulnerabilities] is that to exploit them, they have to use some social engineering. They have to lure you into adding you to their buddy list," Bartlett said.

Exploits can be kept at bay with IT best practices, he said. "You don't let people log on with administrative rights."

While Bartlett said that none of the patches caused system disruptions, Schultze said that some users of Dell Inc.'s D600 have been reporting system crashes. Keeping Dell BIOS patches up to date, he said, could remedy the problem.

For more information:

MS05-016 Vulnerability in Windows Shell that Could Allow Remote Code Execution

MS05-017 Vulnerability in Message Queuing Could Allow Code Execution

MS05-018 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service

MS05-019 Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service

MS05-020 Cumulative Security Update for Internet Explorer

MS05-021 Vulnerability in Exchange Server Could Allow Remote Code Execution

MS05-022 Vulnerability in MSN Messenger Could Lead to Remote Code Execution

MS05-023 Vulnerabilities in Microsoft Word May Lead to Remote Code Execution
