Less than 24 hours after Microsoft shipped fixes for code execution holes in Internet Explorer and Windows, proof-of-concepts for remote exploits are popping up on the Internet.
On security mailing lists and at the Milw0rm.com site, there are at least three exploits circulating. These provide a roadmap for attackers to launch remote attacks to take complete control of a Windows machine.
Two of the three target gaping holes in the dominant Internet Explorer browser -- flaws that could be exploited by simply luring the target to surf to a Web page.
The vulnerabilities -- in the Microsoft Speech API ActiveListen and ActiveVoice ActiveX controls -- have been patched with the MS07-033 bulletin, so it's important to treat that update with the highest possible priority.
Will Dorman of the CERT Coordination Center explains the real-world risks:
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer (or the program using the WebBrowser control) to crash.
This patch applies to Internet Explorer 7 on Windows Vista.
Proof-of-concept code for a third exploit was released by Thomas Lim of COSEINC to provide technical details of a "critical" flaw in the Secure Channel (Schannel) security package in Windows. This bug was patched with MS07-031.