All the latest UK technology news, reviews and analysis

Attackers exploit latest Microsoft flaws

by Tom Sanders in California

25 Jul 2006

Be the first to comment

  • Tweet this
Security researchers have detected exploit code for three vulnerabilities that Microsoft plugged earlier this month
Latest flaws could allow hackers to take control

Security researchers have detected exploit code for three vulnerabilities that Microsoft plugged earlier this month, the SANS Internet Storm Centre has warned. 

Microsoft had issued a severity rating of 'critical' for two of the exploited vulnerabilities.

The first concerns a flaw in the Server component of Windows that could allow an attacker to take control of a system. McAfee warned that hackers could exploit the hole to launch a worm outbreak. 

Security researchers had warned that the vulnerability was the most likely candidate of the July patches for attackers to target.

A second exploit targets a vulnerability in the DHCP Client Service that could lead to a buffer overflow, allowing an attacker to take control of a system. The flaw affects several versions of Windows including XP and Server 2003. 

The final exploit uses a flaw in Microsoft Internet Information Services for some Windows versions. Although XP Pro and Windows Server 2003 are vulnerable, users of the consumer version of XP are not affected. 

The flaw could allow attackers to take control of a system through a specially crafted Active Server Pages file.

Microsoft rated the vulnerability as 'important' because most systems are configured in such a way that they do not allow the code to be executed.

The software giant released updates for the three holes as part of July's security patch, at which time the company fixed a total of 18 vulnerabilities.

Do you agree?

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

data-security-key

Thousands of public encryption keys found to offer no security

Related white papers

Related articles

Related jobs

Today's top stories

Web blocking. Content owners want to stop copyright infringement

Music file-sharing site taken offline by UK Serious Organised Crime Agency

Mozilla Firefox logo

Mozilla adds Android and security updates to Firefox roadmap

Acer Aspire S3 Ultrabook

Acer Aspire S3 ultrabook review

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

99%

0%

1%

0%

0%

Features

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

Khidr headshot

Intel will prove Steve Jobs wrong in the mobile market

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

QA Analyst / Web Tester - London

Are you a versatile software tester, who wants to work...

A350 - Senior Programme Lead

An excellent opportunity has arisen working for a prestigious...

Linux System Administrator - Contract - London

Linux System Administrator - RedHat - Apache - Scripts...

MetaTrader 4 Support Engineer FX Spread Betting CFDs London

MetaTrader 4 MT4 Technical Support Engineer required...

To send to more than one email address, simply separate each address with a comma.