Exploits Aplenty for Patch Tuesday Bugs

Less than 24 hours after the release of patches for 21 product vulnerabilities, proof-of-concept exploits are popping up on the Internet.

According to the SANS ISC (Internet Storm Center), a group of volunteers who track malicious Web activity, there are at least five publicly available exploits for flaws patched in Junes Patch Tuesday—including one for the MS06-027, the bulletin that covers a critical Microsoft Word code execution bug.

The Microsoft Word vulnerability has already been used in attacks against specific business targets, and the exploit signals that the window between the release of patches and the creation of exploits has narrowed considerably.

The Word exploit was released by vulnerability researchers at Immunity, a Miami-based penetration testing company.

Immunitys Word exploit was created after the first round of zero-day attacks and released IDS (intrusion detection companies) and larger penetrating testing firms as part of a partner program.

In early June 2006, the company updated its CANVAS product to include modules that exploited the Word bug.

CANVAS is a platform that hosts hundreds of exploits, automated exploitation systems and an exploit framework for penetration testers and security professionals worldwide.

On June 13, just hours after Microsofts patches were shipped, Immunity released proof-of-concepts and CANVAS modules for the MS06-024 and MS06-025 bugs.

Those patches cover “critical,” remote code execution flaws in the ubiquitous Windows Media Player and the RRAS (Routing and Remote Access Service) used in Windows.

Over at Milw0rm, a Web site that publishes exploits submitted by security researchers around the world, there are two separate proof-of-concepts for MS06-030, the bulletin that addresses a pair of flaws in Microsofts implementation of the SMB (Server Message Block) protocol.

/zimages/2/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis InternetsSecurity IT Hub.

The SMB protocol is used in Windows to share files, printers, serial ports, and also to communicate between computers.

The release of exploit code—before or after patches are available—is a controversial practice that is frowned upon by Microsoft.

The company says it has concrete evidence that proof-of-concept exploits are usually modified by malicious attackers to launch attacks against Windows customers.

On the other hand, private security researchers argue that proof-of-concept code can be used by enterprise IT departments to help in vulnerability testing procedures.

On June 13, Microsoft shipped a dozen bulletins with patches for more than a dozen software vulnerabilities affecting Windows, Microsoft Office and Microsoft Exchange.

Eight of the 12 bulletins are rated “critical,” the highest severity rating.

The batch also includes a cumulative Internet Explorer browser update, a patch for a code execution hole in Microsoft PowerPoint and a serious bug in the Windows graphics rendering engine.

/zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.