By Gregg Keizer
August 20, 2007
A security researcher has published the first exploit against one of the
14 vulnerabilities patched last week by Microsoft Corp., security
company Symantec Corp. has warned customers.
In a posting to the Full Disclosures security mailing list, Alla
Bezroutchko, a senior security engineer at Brussels-based Scanit NV/SA,
Windows 2000 and Windows XP Service Pack 2. Bezroutchko's proof of
concept exploits the critical bug in XML Core Services that was patched
That update, one of six rated "critical" by Microsoft, affected every
currently supported version of Windows, including the new Vista
operating system. An analyst last week pegged MS07-042 as one that
should be deployed immediately. "MS07-042 affects everything," said Don
Leatham, director of solutions and strategies at PatchLink Corp.
"There's so much going on with XML in enterprises. That's why this is so
Symantec warned users of its DeepSight threat-alert network to expect
Bezroutchko's crude exploit to be polished soon. "The current proof of
concept will crash Internet Explorer; however, it is likely that this
code will be modified to produce a code-execution exploit in the near
future," read the Symantec warning.
It has become common for exploits to appear within days, if not hours,
of Microsoft releasing its security updates, to the point that the
practice even has a nickname: Exploit Wednesday.
According to other research, however, Exploit Wednesday is part myth.
Hackers don't actually stockpile attack code and synchronize the release
with the appearance of patches, Craig Schmugar, a security researcher at
McAfee Inc., said in June when he released the results of a survey of
200 zero-day Windows vulnerabilities.
"I don't see Exploit Wednesday as a strategically timed release but that
it comes about simply because more information is being made available,"
Attend HITBSecConf2007 - Malaysia
Taking place September 3-6 2007 featuring seven tracks of technical
training and a dual-track security conference with keynote speakers
Lance Spitzner and Mikko Hypponen! - Book your seats today!