Security vendor Symantec alerted customers to two exploits using already-patched vulnerabilities. The exploits target two core Windows components, according to Dave Cole, Director of Symantec’s Security Response.

Although Microsoft patches released July 11 easily foil both the DHCP and “mailslot” exploits, writers of the attack code know “a lot of people take their sweet time patching their system,” according to Cole.
The first exploit uses a “critical” vulnerability in the Windows DHCP client, the component that lets consumers easily go online. The malicious code could allow attackers to seize control of unpatched systems, Cole said. Applying the patch found in the MS06-036 security bulletin resolves the potential risk.
Using a known vulnerability in the Windows core messenger service, the mailslot proof-of-concept exploit is currently limited to denial-of-service. However, the modest attack could be revised to include more damage, warned Cole. As with the DHCP exploit, systems that applied the earlier Microsoft patches are safe.
Why do authors of exploits bother with vulnerabilities already corrected? Even after patches are released, attackers “cast out the tuna nets” seeking unpatched systems, said the security expert. To cause damage, the trolling for victims needn’t work every time, Cole said.
In a related update, Microsoft unveiled a toolkit allowing companies to block automatic delivery of Internet Explorer 7 as a high-priority update via Automatic Updates for XP and Windows Server 2003. The final version of IE 7 is expected during the fourth quarter of 2006, according to Microsoft.

The software company also released an update to the beta version of its Internet Explorer 7. The update resolves problems IE 7 beta 3 users encountered with the Yahoo toolbar, according to Microsoft.