PoC Available for Patched Microsoft Vulnerability

Microsoft has issued a Security Advisory warning users of published PoC of a vulnerability in Workstation Service that could allow Remote Code Execution. However, Microsoft has not as yet received any feedback that would indicate that there have been successful exploits as a consequence of the PoC.

"Microsoft is aware of public proof of concept code targeting the vulnerability addressed by security update MS06-070. At this time Microsoft has not seen any indications of active exploitation of the vulnerability," stated Adrian Stone, MSRC Program Manager.

Up until now, there have not been active exploits impacting the vulnerability in Workstation Service for Microsoft Windows 2000 Service Pack 4 and Microsoft Windows XP Service Pack 2 because the flaw had been fresh and privately reported to Microsoft.

In fact, the Redmond Company became aware of the published PoC only after it has issued a patch for the respective vulnerability. A mitigating factor for the vulnerability associated with Workstation Service is installing Microsoft Security Bulleting MS06-070.

"Microsoft continues to recommend that customers apply the November updates as soon as possible with additional urgency and consideration given to the update detailed in MS06-070. Customers can ensure that the updates are being installed by enabling the Automatic Updates feature in Windows or by using their deployment infrastructure in their enterprise or small business," reads Microsoft's Security Advisory.