Exploits Circulating for Latest Windows Holes
1sockchuck writes "Exploits are already circulating for at least two (and possibly four) of the Windows security holes addressed in Microsoft's updates on Tuesday. Several working exploits have been released for a new vulnerability in Windows Plug and Play technology, which could be used to spread a worm targeting Windows 2000 machines, according to eEye security, which has released a free scanner to help network admins identify vulnerable computers."
The recent article on the front page here (2 down at the moment) talks about vulnerabilities linked to MS05-038 being in the wild in mid-July (actually quite a bit earlier, but we will give them the benefit of the doubt). There have been a number of minor exploits in existence for at least a month and a half with respect to some image handling capabilities through IE (also MS05-038).
Security-Protocols claimed to have discovered the vulnerability linked to MS05-041, and there were some minor claims that other people had been able to make it into exploits which weren't widespread.
I initially thought that the Plug and Play vulnerability was linked to a report on an overflow with respect to handling USB devices (which has also been reported), but it seems to be much worse.
I am fully aware of the reasons why companies EOL their software, but Microsoft's cessation of mainstream support for Win 2000 might be coming back to bite them, given that Win 2000 is just as vulnerable to these exploits as Win XP and 2003, if not more so.
InfoSec that matters, when it counts.
Microsoft with all its massive billions of dollars, charging in excess of $300 for a full, licensed version of Windows XP Professional... Cannot afford to write clean, bug free code?
As a programmer myself I am often faced with the idea of completely re-writing my code, not just leaving the function sit, while being unused.
Compare to Apple's OS X (granted, the numbers argument about there is not a mass majority to spread a major virus even if it was to be discovered), why can't Microsoft decide to take shape, and start producing a REAL operating system that is built upon firm solid foundations of bug free (relatively) code. They have admitted in the past that they have pushed features ahead of security, and yet our major corporations still tout that Microsoft is secure enough for their sensitive financial information.
Give me a break will ya? I really just wish that Microsoft would have a much more open beta, much more strict adherence to quality code, and less mouthpieces saying how great their stuff is.
So isn't this just an old exploit that was just found?
No. This is an old vulnerability that was just published, and had new exploits written and published for it. That is not to say other exploits have not existed for this vulnerability for the last five years.
I think that you have to assume there will be bugs in the code. I am sure Apple has bugs. The real question is: why are there so many listening ports on a Windows NT/2K/XP machine? Even one that has no files shared for users. What does it need them for? MS recommends running a firewall, which rather defeats the purpose of any listening ports, including such things as the administrative shares. In this case, we have some code that is supposed to detect new hardware apparently listening on the Ethernet port. Why? New hardware is going to fly down the network? Wow! MS should patent that now since it would put UPS and FedEx out of business. So, I don't think it is so much a bug as "what in $DEITY's name were they thinking when they designed this feature?"
The real "Libtards" are the Libertarians!