Proof-of-concept code published for flaw patched in MS06-025

Tags: Patches, John McCormick, security, security bulletin, Microsoft Corp., IT Locksmith Newsletter

Takeaway: Microsoft has released Security Advisory 921923, which warns users that there's now proof-of-concept code available to exploit the Remote Access Connection Manager Service vulnerability addressed by Microsoft Security Bulletin MS06-025. In addition, Secunia has listed two new critical Microsoft threats on its Web site. In this edition of the IT Locksmith, get the details about these latest threats, and see how the numbers stack up against last year's security bulletins.

Microsoft has released a security advisory warning that proof-of-concept code is now available for a flaw patched in this month's Patch Tuesday release of security bulletins. In addition, Secunia has listed two new Microsoft threats that it's rating highly critical.

Details

On June 23, Microsoft released Security Advisory 921923, "Proof of Concept Code Published Affecting the Remote Access Connection Manager Service." The advisory warns users that there is now proof-of-concept code available to exploit the Remote Access Connection Manager Service vulnerability addressed by Microsoft Security Bulletin MS06-025, "Vulnerability in Routing and Remote Access Could Allow Remote Code Execution," released as part of June's Patch Tuesday.

If you've already installed the security update, this security advisory doesn't affect you. If you've yet to apply the patch, remember that anyone running Windows 2000 is at serious risk for this threat, especially now that proof-of-concept code is circulating.

While this threat also affects Windows XP and Windows Server 2003, the threat level is much lower. So far, the only major problem with the patch affects dial-up users, which shouldn't apply to most TechRepublic readers.

Meanwhile, Secunia.com has listed two new Microsoft threats that it's rating highly critical. Secunia Advisory 20748 discusses a hyperlink object library buffer overflow affecting Office macros (CVE-2006-3086).

Secunia Advisory 20686 details a vulnerability in Excel's Repair Mode code (CVE-2006-3059). Microsoft Security Advisory 921365, "Vulnerability in Excel Could Allow Remote Code Execution," offers workarounds for the latter threat. Otherwise, just avoid opening documents and worksheets from untrusted sources.

Final word

The recent Microsoft Security Advisory reminded me that we're halfway through the year, which got me wondering just how Microsoft is doing this year as compared to last. So, I decided to do a little investigating and took a quick look at the list of the 2005 security bulletins to compare them to this year's numbers. The stats are surprisingly close.

June 2005 saw the release of MS05-034 as the final release of the month. This year, we've seen 32 security bulletins in the same six-month period.

What about the severity of the threats? Of the 32 security bulletins in 2006, 19 have been critical threats, 10 were important threats, and three were moderate threats.

For the 34 security bulletins during the same period in 2005, 18 were critical threats, 12 were important threats, and four were moderate threats. Statistically, the numbers are amazingly similar—although whether this has any real significance is questionable.

Two years ago, by the end of June 2004, there had been only 17 security bulletins. Whether that was due to fewer problems or less attention paid by Microsoft security analysts is difficult to determine, so I'll just post the numbers and let it go at that. I will point out that there were a total of 45 security bulletins published by the end of 2004.

So, how is this information useful? It can help us predict how many more threats Microsoft is likely to address by the end of the year.

Microsoft released a total of 55 security bulletins in 2005, and we're on track to see about the same number this year. Even in a "slow" year like 2004, there were 45 security bulletins, so I think we'll see between 50 and 55 bulletins by the end of 2006. Based on past data, slightly more than half of those are likely to be critical threats.

So, while there seems to be a general feeling that there's a slowdown in the summer months, the numbers prove otherwise. In July 2005, Microsoft released three critical bulletins, while August 2005 saw six security bulletins—three critical, one important, and two moderate threats addressed by the Microsoft security team in the heat of the summer.

John McCormick is a security consultant and well-known author in the field of IT, with more than 17,000 published articles. He has written the IT Locksmith column for TechRepublic for more than four years.
