Hackers are drooling at the thought of exploiting Microsoft's most recent vulnerabilities, security analysts said Thursday. . . .
Hackers are drooling at the thought of exploiting Microsoft's most recent vulnerabilities, security analysts said Thursday.
Less than 24 hours after Microsoft released details of the latest vulnerability in Windows, hackers were sharing details and eager to get their hands on exploit code, says Ken Dunham, the director of malicious-code research for security-intelligence firm iDefense.

"Hackers are already actively discussing the new JPEG vulnerability and how to exploit it," Dunham says in an E-mail to TechWeb.


Tuesday, Microsoft noted that a bug in Windows XP, Windows XP SP1, and Windows Server 2003, as well as many of the company's flagship applications, could allow attackers to grab control of PCs.


Exploit code exists, Dunham adds, to launch a successful denial-of-service attack on vulnerable applications, proving it's possible to create an exploit that executes code--in other words, make a worm.

"While this type of exploit code has not yet publicly emerged in the [attacker] underground, this does prove that it's more likely for hackers to develop such exploit code," Dunham says.

Another analyst, Vincent Weafer, the senior director of Symantec Corp.'s virus research team, agrees. "We fully expect that [hackers] will go into this," Weafer says. "There's enough knowledge about this [vulnerability] to easily make it exploitable."

The link for this article located at informationweek.com is no longer available.