Critical flaw reported by Microsoft on Tuesday already has exploit

COLLAB distinguished with the APDC / Siemens Innovation Award

The security company eEye is warning that they have already been detected on websites hacking exploits for one of the critical vulnerabilities reported and fixed by Microsoft last Tuesday.

The information provided by the company guarantees that its specialists have already seen published on the Internet two possible exploits for the flaw that affects the plug-and-play Windows, used to simplify the connection of peripherals to the PC.

Remember that this flaw – which allows an attacker to take control of the vulnerable machine – is especially serious for Windows 2000 users, being more difficult to exploit on systems running Windows XP with Service Pack 2 or Windows Server 2003.

The security company warns users to proceed quickly with the update identified by Microsoft as MS05-039, so that they are protected from a possible worm developed based on the proof of concept.

Remember that Microsoft’s monthly security bulletin released six security updates last Tuesday, three of them critical. The most serious failures affect, in addition to the system plug-and-play Windows, the software Print Spoofer and the Internet Explorer image system.

The other three concern problems with Windows Telephony Service, the Remote Desktop Protocol and the Kerberos authentication protocol.

Related News:

2005-08-10 – Microsoft security bulletin for August covers three critical vulnerabilities