Exploits are circulating for at least two new vulnerabilities in Microsoft software, barely two days after the critical security holes were disclosed in security advisories. The swift availability of working exploit code provides additional incentive for Windows users to update their systems promptly following the monthly release of security patches.
Microsoft acknowledged Thursday that "detailed exploit code " had been published for a vulnerability in Plug and Play technology that could allow a remote attacker to take control of a Windows machine via the Internet, with Windows 2000 systems being at particular risk. "Users running Windows 2000 are vulnerable to a potential worm attack that would take advantage of this flaw," noted security research firm eEye Security. The vulnerability, known as MS05-039, is addressed in the latest Windows Update patches issued Tuesday.
Proof-of-concept exploit code has also been released for vulnerabilities in MS05-038, which includes several new security holes that allow remote code execution. Microsoft has fixed a corrupted patch for MS05-038, which delayed repairs for some users of the Microsoft Download Center (download.microsoft.com).
In its updated advisory, Microsoft said it is "disappointed that certain security researchers have breached the commonly accepted industry practice of withholding vulnerability data so close to update release and have published exploit code, potentially harming computer users."