Exploit Code Out For Critical Bug, Warns Microsoft

A security advisory has been issued for unpatched users. Most at risk are Windows 2000 users.

Gregg Keizer, Contributor

June 26, 2006

1 Min Read
InformationWeek logo in a gray background | InformationWeek

Microsoft on Friday acknowledged that "detailed exploit code" for a critical Windows vulnerability has been published on the Internet, and issued a security advisory to help users who haven't been able to patch.

Although the Redmond Wash. developer issued a security update -- MS06-025 -- on June 13 to fix the flaw in Windows' Routing and Remote Access (RRA) service, unpatched systems are at risk because of the new exploit code.

The exploit, which was published by H.D. Moore on at least one Web site and added to the Metasploit framework Thursday, ups the threat Microsoft's advisory said.

PCs running Windows 2000 are most at risk. "Customers running Windows 2000 should deploy MS06-025 as soon as possible or disable the RASMAN service." Windows XP SP2 and Windows Server 2003 users are somewhat safer, as the attacker needs valid logon credentials to exploit the vulnerability.

As usual, Microsoft blasted the early appearance of the exploit code.

"Microsoft is disappointed that certain security researchers have breached the commonly accepted industry practice of withholding vulnerability data so close to update release and have published exploit code, potentially harming computer users."

Although the MS06-025 patch protects PCs from the exploit, the advisory also spelled out several workarounds users could take if they had not yet patched their systems. The workarounds included disabling the Remote Access Connection Manager service (RASMAN) and/or blocking a number of ports at the firewall.

MS06-025 sported a spotted record even before the exploit code went public. Last week, Microsoft admitted the patch caused problems for some users, and said it would reissue the update.

About the Author

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights