First exploit appears for Patch Tuesday vulnerability

First exploit appears for Patch Tuesday vulnerability
First exploit appears for Patch Tuesday vulnerability 

By Gregg Keizer
August 20, 2007 

A security researcher has published the first exploit against one of the 
14 vulnerabilities patched last week by Microsoft Corp., security 
company Symantec Corp. has warned customers.

In a posting to the Full Disclosures security mailing list, Alla 
Bezroutchko, a senior security engineer at Brussels-based Scanit NV/SA, 
spelled out JavaScript code that crashes Internet Explorer 6.0 on 
Windows 2000 and Windows XP Service Pack 2. Bezroutchko's proof of 
concept exploits the critical bug in XML Core Services that was patched 
by MS07-042.

That update, one of six rated "critical" by Microsoft, affected every 
currently supported version of Windows, including the new Vista 
operating system. An analyst last week pegged MS07-042 as one that 
should be deployed immediately. "MS07-042 affects everything," said Don 
Leatham, director of solutions and strategies at PatchLink Corp. 
"There's so much going on with XML in enterprises. That's why this is so 

Symantec warned users of its DeepSight threat-alert network to expect 
Bezroutchko's crude exploit to be polished soon. "The current proof of 
concept will crash Internet Explorer; however, it is likely that this 
code will be modified to produce a code-execution exploit in the near 
future," read the Symantec warning.

It has become common for exploits to appear within days, if not hours, 
of Microsoft releasing its security updates, to the point that the 
practice even has a nickname: Exploit Wednesday.

According to other research, however, Exploit Wednesday is part myth. 
Hackers don't actually stockpile attack code and synchronize the release 
with the appearance of patches, Craig Schmugar, a security researcher at 
McAfee Inc., said in June when he released the results of a survey of 
200 zero-day Windows vulnerabilities.

"I don't see Exploit Wednesday as a strategically timed release but that 
it comes about simply because more information is being made available," 
Schmugar said.

Attend HITBSecConf2007 - Malaysia 
Taking place September 3-6 2007 featuring seven tracks of technical 
training and a dual-track security conference with keynote speakers 
Lance Spitzner and Mikko Hypponen!  -  Book your seats today! 

Site design & layout copyright © 1986-2015 CodeGods