14 DAY TRIAL // The French Security Incident Response Team and Symantec have issued separate advisories on Monday related to the exploitation of Windows vulnerabilities. The exploit code released on the Internet targets two different vulnerabilities for which the Redmond Company has provided security updates at the beginning of this month.
The first exploit takes advantage of an unpatched critical vulnerability concerning the DHCP client. The Windows Dynamic Host Configuration Protocol flaw could allow for complete takeover of a compromised machine. While the vulnerability was addressed in Microsoft's security bulletin MS06-036, the two security firms have warned that there are systems running Windows OS that still have to patch the flaw. For the updated copies of the operating system the exploitation posses no threat whatsoever.
While both the French Security Incident Response Team and Symantec have correlated the second exploit to the vulnerability patched in security bulletin MS06-035, Microsoft representatives claim that it may actually be a variant of the mailslot component flaw. The Redmond Company also stated that it will keep a close eye to the situation and that it will release patches for all the new vulnerabilities, but no sooner than August 8.