Exploits Circulating for Unpatched
Although Microsoft released a string of patches to fix security flaws in Windows and Microsoft Office last week, security experts are warning of several "in-the-wild" exploits that are now targeting unpatched systems.
In recent months, hackers have increased the speed at which they can create malicious software that targets security flaws for which patches have just been issued.
Whenever a patch is issued, it typically comes with an extensive advisory that details the vulnerability and the effect the patch might have on other software.
This information allows hackers to begin building exploits to target systems whose users have not yet installed the latest updates.
Microsoft's set of patches, released last Tuesday, included 12 individual fixes to address 21 security vulnerabilities, many of them rated critical. They addressed issues in Windows, Internet Explorer, Word, PowerPoint, and Exchange Server.
"They range in severity from a denial-of-service attack to remote-code execution that could lead to full system compromise," said Michael Sutton, director of VeriSign's iDefense Labs.
Microsoft responded to the news of the in-the-wild exploits by saying that it is aware of the code being published online and is actively monitoring the situation to keep customers informed.
"Microsoft's investigation verified that the exploit code does not affect users who have installed all June security updates on their computers," said a Microsoft spokesperson.
"The vulnerabilities disclosed by Microsoft last week have a very direct impact on consumers as the majority are client-side vulnerabilities," Sutton said. "Client-side vulnerabilities tend to be used in attack scenarios that target consumers, such as phishing scams or identity theft."
Sutton advised consumers to apply patches immediately and be proactive in their installation of security software -- such as firewall and antivirus tools -- so that they will be protected when future vulnerabilities emerge.
Copyright Â© 2006 NewsFactor Network, Inc.