Exploit code is already circulating for three of the security holes patched by Microsoft last week in its monthly security bulletin release. Three "important" and five "critical" patches plugged 18 holes in Internet Explorer, Windows, MSN Messenger, Exchange Server and Office.
In Tuesday's release, the software company included two updated security fixes along with two non-security patches. The non-security patch will help administrators and users install security patches, according to a Microsoft spokesperson. The company released them simultaneously so that administrators could deploy the non-security updates with the security updates and reboot once.
"It was a good set of patches addressing a critical set of vulnerabilities," said Eric Schultze, chief security architect with Shavlik Technologies LLC, in Roseville, Minn. "It's important to get these patches installed because I expect there will be exploitations or worms circulating soon."
Exploit code for vulnerabilities in Exchange Server, MSN Messenger and message queuing was posted on the Internet, Schultze said.
Schultze identified two critical bulletins as top priorities when patching: MS05-019, which fixes TCP/IP vulnerabilities, and MS05-020, the Internet Explorer patch. The vulnerabilities can allow remote users to take over machines. Windows XP users can protect themselves from hackers looking to exploit the TCP/IP vulnerabilities by turning on the XP personal firewall. "People won't be able to remotely attack you, but that's only for folks running Windows XP," Schultze said.
Brian Bartlett, systems engineer with patch management company Ecora Software Corp., in Portsmouth, N.H., said the TCP/IP vulnerability was most likely to affect Windows 2000 machines and others still running Windows XP SP1. Unlike the other vulnerabilities that were privately reported, Bartlett said, part of the TCP/IP flaw was discovered in the wild.
Informing users can also help prevent an exploit. "What seems to be common in [the vulnerabilities] is that to exploit them, they have to use some social engineering. They have to lure you into adding you to their buddy list," Bartlett said.
Exploits can be kept at bay with IT best practices, he said. "You don't let people log on with administrative rights."
While Bartlett said that none of the patches caused system disruptions, Schultze said that some users of Dell Inc.'s D600 have been reporting system crashes. Keeping Dell BIOS patches up to date, he said, could remedy the problem.