Exploit code circulates for Microsoft security flaws

Exploit code for two of the security flaws patched by Microsoft this week is being circulated on the internet.

The most serious threat is to the Windows Workstation technology. Microsoft issued a “critical” security patch for a flaw in this software, and the exploit code targets users operating the solution in a Windows 2000 environment.

Internet security software company Symantec said the exploit code was posted on a hacking site yesterday. Windows Workstation is used to support file-sharing and network printing.

There are fears that the exploit code could be used to spread a self-replicating worm over corporate networks. Symantec is also warning that exploit code is circulating on the internet to take advantage of the patched Windows Client Service for Netware software.

The patch for this flaw was deemed “important” by Microsoft, as it posed less of a threat to users. Microsoft issued a total of six patches on Tuesday. Symantec has not so far reported any exploits of customer systems using the rogue code in circulation.

Comment on this article: computer.weekly@rbi.co.uk