Proof-of-concept exploit code offering step-by-step instructions to attack worm holes in Microsoft Windows have started appearing on the Internet, prompting a new round of "patch-now-or-else" warnings from computer security experts.
The exploits, publicly released on the Milw0rmWeb site and privately available to partners of penetrating testing firm Immunity, target a pair of critical vulnerabilities patched by Microsoft on Nov. 14.
The Milw0rm exploit, released by a hacker called "cocoruder," takes aim at the high-severity bug covered in the MS06-070 bulletin and can be used to launch a network worm against unpatched Windows 2000 systems.
"It [an attack] can be launched remotely over the Internet, without any user action whatsoever," Sarwate said in an interview with eWEEK.
The "cocoruder" exploit code has been tested against Chinese-language versions of Windows but, with minor tweaking, Sarwate said it can be expanded to hit other targets.
Immunity, hãng sản xuất CANVAS, cũng đã có exploit cho MS06-070 và các MS06-xxx khác:
"Our exploit works against English-language versions [of Windows]," says Kostya Kortchinsky, a senior researcher at Immunity. "We've successfully tested it to launch code against Windows 2000 SP3 and SP4."
Since Microsoft's Nov. 14 Patch Tuesday, Immunity has released a total of six proof-of-concept and working exploits against flaws covered in the updates.
On Nov. 13, the company also posted attack code for the Microsoft XML Core Services 4.0 flaw that was being used in targeted zero-day attacks.
In an interview with eWEEK, Kortchinsky said the company has also reverse-engineered the patches in Microsoft's MS06-066 bulletin to a code-execution exploit for Windows XP SP2.
He said Immunity's MS06-066 exploit is also capable of defeating the software-enforced DEP (Data Execution Prevention) that is enabled by default in XP SP2 to reduce exploits of exception handling mechanisms in Windows.
The MS06-066 update, rated "critical," covers a pair of vulnerabilities in Client Service for NetWare, the feature that allows the client to access NetWare file, print and directory services.