News Stay informed about the latest enterprise technology news and product updates.

Exploit code posted for Exchange, MSN flaws

New worms are anticipated as exploit code circulates for Exchange Server, MSN Messenger and message queuing flaws -- three vulnerabilities patched by Microsoft in its latest bulletin.

Exploit code is already circulating for three of the security holes patched by Microsoft last week in its monthly security bulletin release. Three "important" and five "critical" patches plugged 18 holes in Internet Explorer, Windows, MSN Messenger, Exchange Server and Office.

In Tuesday's release, the software company included two updated security fixes along with two non-security patches. The non-security patch will help administrators and users install security patches, according to a Microsoft spokesperson. The company released them simultaneously so that administrators could deploy the non-security updates with the security updates and reboot once.

It's important to get these patches installed because I expect there will be exploitations or worms circulating soon.
Eric Schultze, chief security architect with Shavlik Technologies LLC,

"It was a good set of patches addressing a critical set of vulnerabilities," said Eric Schultze, chief security architect with Shavlik Technologies LLC, in Roseville, Minn. "It's important to get these patches installed because I expect there will be exploitations or worms circulating soon."

Exploit code for vulnerabilities in Exchange Server, MSN Messenger and message queuing was posted on the Internet, Schultze said.

Schultze identified critical bulletins MS05-019, fixing TCP/IP vulnerabilities and the Internet Explorer patch, MS05-020, as top priorities while patching. The vulnerabilities can allow remote users to take over machines. Windows XP users can save themselves from hackers looking to exploit the TCP/IP vulnerabilities by turning on the XP personal firewall. "People won't be able to remotely attack you, but that's only for folks running Windows XP," Schultze said.

Brian Bartlett, systems engineer with patch management company Ecora Software Corp., in Portsmouth, N.H., said the TCP/IP vulnerability was most likely to affect Windows 2000 machines and others still running Windows XP SP1. Unlike the other vulnerabilities that were privately reported, Bartlett said, part of the TCP/IP flaw was discovered in the wild.

Informing users can also help prevent an exploit. "What seems to be common in [the vulnerabilities] is that to exploit them, they have to use some social engineering. They have to lure you into adding you to their buddy list," Bartlett said.

Exploits can be kept at bay with IT best practices, he said. "You don't let people log on with administrative rights."

While Bartlett said that none of the patches caused system disruptions, Schultze said that some users of Dell Inc.'s D600 have been reporting system crashes. Keeping Dell BIOS patches up to date, he said, could remedy the problem.

For more information:

MS05-016 Vulnerability in Windows Shell that Could Allow Remote Code Execution

MS05-017 Vulnerability in Message Queuing Could Allow Code Execution

MS05-018 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service

MS05-019 Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service

MS05-020 Cumulative Security Update for Internet Explorer

MS05-021 Vulnerability in Exchange Server Could Allow Remote Code Execution

MS05-022 Vulnerability in MSN Messenger Could Lead to Remote Code Execution

MS05-023 Vulnerabilities in Microsoft Word May Lead to Remote Code Execution

More information from

  • Article: Get Microsoft's patches for 18 flaws in April
  • Topic: Troubleshoot post-patch problems
  • Tip: Know how to undo your patching mistakes

  • Dig Deeper on Patches, alerts and critical updates

    Start the conversation

    Send me notifications when other members comment.

    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

    Please create a username to comment.