Just one day after Microsoft released its June 2006 security bulletin, hackers have uploaded exploit code that takes advantage of the security weaknesses identified.
Most of the patches released by Microsoft address vulnerabilities that have been widely known. However, at least two new vulnerabilities were disclosed for the first time on June 13 – the same day the security bulletin was issued.
Security firms reported discovering exploit code for the latest vulnerabilities in Microsoft products on June 14. The exploit code for these previously unknown vulnerabilities means that hackers can use it to attack systems that have not yet installed the necessary patches.
Microsoft is aware of the exploit code for several vulnerabilities that have been released on the Internet. With the exception of security bulletin MS06-027 (which addresses a vulnerability that allows attacks on Word), Microsoft has not yet confirmed any attacks using this exploit code, and the code does not affect users who have installed all the security updates from June 2006.
Some of the exploit code released online targets “critical” vulnerabilities in Windows Media Player and the “Routing and Remote Access” feature. The SANS Computer Security Incident Response Team has reported discovering two exploit codes targeting the “Routing and Remote Access” functionality.
