Exploit unleashed for Windows plug-and-play flaw

March 8, 2008 – 6:00 PM

Exploit code was published on Friday for a Windows flaw similar to the vulnerability that led to the Zotob worm that wreaked havoc in August.

The code takes advantage of a bug related to plug-and-play technology in Windows 2000 and Windows XP. Microsoft provided a patch for the flaw on 11 October in security bulletin MS05-047, along with fixes for 13 other Windows flaws. The software maker rated the issue “important”.

The plug-and-play exploit code is not the first to surface for a flaw that was fixed in Microsoft’s October patch cycle. Other exploits have been published on the internet or reported privately. Release of such code is typically a prelude to an attack. However, while some experts have raised the worm alarm, attacks have yet to appear.

The exploit causes a vulnerable system to crash but it’s unlikely to be used for a worm, a Symantec representative said. “It does not gain local access to machines,” the representative said.

A Microsoft representative said on Friday the company is aware of the latest exploit code but noted that no attacks were reported. “Microsoft is actively monitoring this situation to keep customers informed,” the representative said in an emailed statement.

The vulnerability lies in the same Windows component that Microsoft provided a patch for two months ago. That flaw led to the spread of the Zotob worm, which took down systems across the US, including at television network ABC, cable news station CNN and The New York Times.

Microsoft urges users to apply the MS05-047 patch. Users who updated their system with the MS05-039 fix delivered in August are somewhat protected against this flaw as well, the company said. However, if that patch is not installed, the latest flaw could be exploited remotely by an anonymous user on Windows 2000 systems, the company said.


You must be logged in to post a comment.