
Microsoft Workstation Service exploits emerge

MS flaw patched only days ago

Detailed exploit code has already become available for a critical flaw in a Microsoft Workstation Service function that was patched only two days ago as part of Microsoft's security updates for November.

The remotely exploitable buffer-overrun flaw was addressed in Microsoft Security Bulletin MS06-070 and allows malicious attackers to take complete control of compromised systems. The flaw allows attackers to create new user accounts, install programs and view, modify or delete data. It is considered by security analysts to be the most serious of the seven 'critical' flaws disclosed by Microsoft this month.

"Microsoft is aware that detailed exploit code was published on the internet claiming to exploit the vulnerability in the Workstation Service addressed by MS06-070," the company said. Security engineers at the Microsoft Security Response Center are currently investigating the accuracy of this claim, and the company will issue a security advisory as soon as possible, Microsoft added.

The company also stressed that the vulnerability is critical only on Windows 2000 systems.

Amol Sarwate, manager of the vulnerability management lab at security vendor Qualys, said his company has so far seen at least two examples of exploit code targeted at the Workstation Service vulnerability. Qualys is in the process of testing one of the exploits to see how effective it really is, he said.

"What this highlights is just how quickly exploits are becoming available [for new vulnerabilities]," said Sarwate. "So far, there has not been any evidence of a virus or a mass worm taking advantage of the exploit, but it is only a matter of time."

It's only taking a few hours to reverse engineer patches to create new exploits, Sarwate added.

One of the exploits that has become available for the Workstation Service flaw was developed by Immunity. The Miami Beach-based penetration-testing company was able to develop proof-of-concept code against the flaw one hour after Microsoft released a patch for it on Tuesday and a fully working exploit in about three hours, said Kostya Kortchinsky, a senior researcher at Immunity. The code has been tested and found to be working "perfectly well" against several versions of Windows 2000, including Service Pack 3 and SP4, he said.

The only mitigating factor is that an attacker would need to have a domain controller set up and accessible somewhere around the machine that is being attacked for the exploit to work, he said.

Immunity has also developed working exploit code attacking vulnerabilities in Client Service for NetWare that were also disclosed by Microsoft this week. The flaw and the patch for it were described in Microsoft Security Bulletin MS06-066.

