• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Exploits & Vulnerabilities › Malware removal › More exploits out for Windows flaws

More exploits out for Windows flaws

Myantispyware team December 3, 2005     No Comment    

Two new pieces of computer code that could be used in cyberattacks on Windows users were posted on the Web on Wednesday and Thursday.

The exploit posted Thursday is another that could allow a remote attacker to gain complete control over a vulnerable computer. The code takes advantage of a flaw in a Windows component for transaction processing, called the Microsoft Distributed Transaction Coordinator. Microsoft addressed the flaw in security bulletin MS05-051 in October.

The attack code published Wednesday is another that exploits a flaw in the way Windows handles certain graphics files and could cause a vulnerable system to crash. Microsoft provided a patch for the flaw in November with security bulletin MS05-053 and warned that the vulnerability could create an opening for spyware and Trojan horse attacks.

Including these last two, a total of four exploits have been released for the same two Windows flaws since Sunday, according to the French Security Incident Response Team, a security research company.

“It is reasonable to assume as we have seen so much proof-of-concept code distributed for these vulnerabilities that we will eventually see some class of attack,” said David Marcus, security research and communications manager at McAfee.

While availability of attack code could provide cybercriminals with ammunition, patches and security software should shield Windows users, said Steve Manzuik, security product manager at eEye Digital Security.

“I am sure some will try and use the exploits, but the reality is there are patches for these issues and almost every security vendor would have by now added signatures to protect against this stuff,” Manzuik said.

Michael Sutton, director at security intelligence company iDefense, a part of VeriSign, agreed. “These vulnerabilities were patched, so fortunately clients have had weeks to patch,” he said.

Unpatched IE bug is bigger threat

Microsoft is not aware of any attacks that use the latest exploits. However, the company warned this week of an attack that uses a yet-unpatched flaw in Internet Explorer. At least one exploit for that vulnerability also has been publicly released in the past two weeks.

“That’s the biggest threat out there, the Microsoft Internet Explorer vulnerability which has no patch,” Manzuik said. “Currently there are exploits on the Web for this that are not that malicious, but it wouldn’t be too hard for someone to take this and make it malicious.”

Sutton also warned computer users to be on guard for exploitation of the unpatched bug. “The one to pay attention to is the vulnerability that remains unpatched. Microsoft has released an advisory for this but no patch yet,” he said. Microsoft may issue a fix outside of its monthly patching cycle for this problem, Sutton said.

Microsoft’s next monthly patch release is scheduled for Dec. 13.

By Joris Evers, CNET News.com

Exploits & Vulnerabilities Malware removal

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply




New Guides

unwanted ads
How to uninstall ConfigType app/extension from Mac
Expressmyi.fun
How to remove Expressmyi.fun pop-ups (Virus removal guide)
click allow popup
How to remove Very-important.online pop-ups (Virus removal guide)
unwanted ads
How to uninstall DeskProduct app/extension from Mac
Hotrend.biz
How to remove Hotrend.biz pop-ups (Virus removal guide)

Follow Us

Search

Useful Guides

adwcleaner
AdwCleaner – Review, How to use, Comments
How to reset Internet Explorer settings to default
remove android virus
How to remove virus from Android phone
Iphone Calendar virus spam
Iphone Calendar Virus/Spam (Removal guide)
How to reset Mozilla Firefox (Updated Apr. 2018)

Recent Posts

Vulnerability in the Internet Explorer
Determining Sun Java Vulnerability
Spyware: WebHancer – How to remove
KazaaBegone – A Kazaa uninstaller
How to use LSP Fix to repair Winsock 2 settings

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2020 My AntiSpyware - Free antispyware programs and Spyware Removal Instructions.