A Matter of Daze

Yesterday I posted a blog entry that links to an article that reveals the scramble that takes place inside a security solutions provider on "Patch Tuesday."

Today can reasonably be called "Exploit Wednesday" because invariably, those with details of vulnerabilities wait less than 24 hours before releasing loads of technical information, which means somebody somewhere simply cannot resist the urge to immediately write exploit code.

Be advised that detailed exploit code has been posted for the vulnerabilities covered by Microsoft Security Bulletins MS05-002, "
Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711) ." So it's probably only a "matter of daze" before the exploit code is used to unleash various forms of malware, including worms, viruses, Trojans, new forms of spyware, new spam tactics, and who knows what else.

The exploit code was published less than 24 hours after the patch became available, which no doubt means that most businesses and individuals have not even had a chance to install that patch. The exploit was published by at least one group that thinks of itself as a security solutions provider. Wishful thinking?

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish