Monday, August 20, 2007

Web 'Uh-Oh' Watch: First Exploit Appears for Patch Tuesday Vulnerability

Gregg Keizer writes on ComputerWorld:

A security researcher has published the first exploit against one of the 14 vulnerabilities patched last week by Microsoft Corp., security company Symantec Corp. has warned customers.

In a posting to the Full Disclosures security mailing list, Alla Bezroutchko, a senior security engineer at Brussels-based Scanit NV/SA, spelled out JavaScript code that crashes Internet Explorer 6.0 on Windows 2000 and Windows XP Service Pack 2. Bezroutchko's proof of concept exploits the critical bug in XML Core Services that was patched by MS07-042.

That update, one of six rated "critical" by Microsoft, affected every currently supported version of Windows, including the new Vista operating system. An analyst last week pegged MS07-042 as one that should be deployed immediately. "MS07-042 affects everything," said Don Leatham, director of solutions and strategies at PatchLink Corp. "There's so much going on with XML in enterprises. That's why this is so dangerous."

More here.

0 Comments:

Post a Comment

<< Home