Internet Storm Center reported about available exploit code for MS06-034, MS06-035, and MS06-036.
If you haven’t already patched for these vulnerabilities you should take immediate action.
MS06-034 – unchecked IIS buffer vulnerability in ASP files processing
This patch fixes what seems to be a buffer overflow in IIS. This buffer overflow can be exploited when IIS is processing ASP files.
In other words, in order to exploit this vulnerability, an attacker has to somehow be able to upload ASP files on the target server, which is running IIS (versions 5.0, 5.1 and 6.0 are affected). Normally, you would require a user to authenticate before they can upload files to the server, so the vulnerability is rated moderate/important.
In case that you do allow people to upload ASP files on your IIS server, it would be wise to apply the patch as soon as possible, although we don’t know about any public exploits yet.
The vulnerability can be exploited remotely against the “Server” service.
So this would definitely be something that could be used for
widespread compromise with no user interaction, or a worm.
Looks like Windows 2000 SP4 is vulnerable by default. Windows XP SP2
and Server 2003 don’t appear to be vulnerable with a default
installation unless services are listening on Mailslots. At this
point, it is unclear exactly what software would enable Mailslots to
create a vulnerable condition.
MS06-036 – unchecked buffer Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)
MS has said systems “Primarily” at risk are Microsoft Windows 2000, Windows XP and Windows Server 2003.
“How could an attacker exploit the vulnerability?
An attacker could exploit the vulnerability by answering a client’s DHCP request on the local subnet with malformed packets.”
“Could the vulnerability be exploited over the Internet?
An attacker could try to exploit this vulnerability over the Internet.”
“Are Windows 98, Windows 98 Second Edition or Windows Millennium Edition critically affected by this vulnerability?
No. Although Windows 98, Windows 98 Second Edition, and Windows Millennium Edition do contain the affected component, however the vulnerability is not critical.”