The exploit code takes advantage of a flaw Microsoft tagged as "critical." The bug lies in a Windows component for transaction processing called the Microsoft Distributed Transaction Coordinator, or MSDTC. Microsoft addressed the flaw in security bulletin MS05-051.
"Initial investigation of this exploit code has verified that successful exploitation could lead to a denial of service attack...and not remote code execution," a Microsoft representative said in a statement. In a denial of service attack a computer would crash, while remote code execution would mean the attacker has full control over a PC.
Users who have applied the MS05-051 patch are protected against exploitation of the flaw, Microsoft said. The patch has been available since October 11, but some users have reported problems with applying the update.
This is not the first exploit code for the MSDTC flaw, but it is the first to be published publicly on the Internet. The first exploit was created by security vendor Immunity for users of its penetration testing product.
When Microsoft released its patches, experts were quick to warn that the MSDTC flaw could spawn an attack similar to the Zotob worm that wreaked havoc in August. Such an attack has not occurred. However, the public posting of exploit code could be a sign that an attack is coming, experts have said.
Microsoft said it is not aware of any current attacks that use the latest exploit code. The software maker urges all customers to apply the most recent security updates to protect their systems.
