Attack code out for 'critical' Windows flaw

by admin November 29, 2005 at 1:28 pm

Computer code posted over the weekend can crash vulnerable computers by exploiting a Windows flaw disclosed in October.

The exploit code takes advantage of a flaw Microsoft tagged as “critical.” The bug lies in a Windows component for transaction processing called the Microsoft Distributed Transaction Coordinator, or MSDTC. Microsoft addressed the flaw in security bulletin MS05-051.

“Initial investigation of this exploit code has verified that successful exploitation could lead to a denial of service attack…and not remote code execution,” a Microsoft representative said in a statement. In a denial of service attack a computer would crash, while remote code execution would mean the attacker has full control over a PC.

Users who have applied the MS05-051 patch are protected against exploitation of the flaw, Microsoft said. The patch has been available since Oct. 11, but some users have reported problems with applying the update.

Full story: ZDNet Australia