Security News > 2005 > November > More attack code for Windows flaws
http://www.smh.com.au/news/breaking/more-attack-code-released-for-windows-flaws/2005/11/29/1133026443579.html By Sam Varghese November 29, 2005 A French research group has released proof-of-concept code for a critical vulnerability in Microsofts Windows which can be exploited to cause a denial of service. Proof-of-concept code demonstrates a method of exploiting a vulnerability. Though in itself not an exploit, it can help in developing one. A patch for this flaw was released by Microsoft in October; the same patch took care of two other unrelated vulnerabilities. The French group FrSIRT said in its advisory that the code it had released was aimed at a flaw in Microsoft's Distribution Transaction Coordinator. The coordinator is a remote procedure call interface that provides methods for different processes to complete transactions with each other, often over a network. The advisory did not say which versions of Windows would be affected by an exploit based on this code. When Microsoft released its advisory back in October it listed Windows 2000, Windows XP Service Pack 1, and Windows Server 2003 as being affected. eEye Digital Security, which discovered the problem and informed Microsoft, rated the severity as high, allowing remote execution of code. Comment has been sought from Microsoft. _________________________________________ Earn your Master's degree in Information Security ONLINE www.msia.norwich.edu/csi Study IA management practices and the latest infosec issues. Norwich University is an NSA Center of Excellence.