Web Attackers Train Guns on Patched Windows MDAC Flaw

Malicious hackers are actively exploiting a flaw patched by Microsoft in its April batch of bulletins to hijack computers for use in botnets, according to a warning from malware hunters.

Researchers at Exploit Prevention Labs, an Atlanta-based Internet security outfit, said several bot-seeding scripts are targeting the MDAC (Microsoft Data Access Components) flaw covered in the software maker’s MS06-014 bulletin.

“I’ve seen three different scripts in one week. That’s an indication that at least three different [hacker] groups have independently worked out their own exploit,” said Roger Thompson, chief technical officer at Exploit Prevention Labs.

“As far as I know, there has been no published proof-of-concept for this exploit. Usually, they will simply copy and paste a published exploit with their own payload. But, it looks like they are now reverse-engineering the patches themselves,” Thompson said in an interview with eWEEK.

The flaw is a remote code execution bug that exists in the RDS.Dataspace ActiveX control that is provided as part of the ActiveX Data Objects distributed in MDAC. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internet’s Security IT Hub.

In the latest attacks, Thompson said, Internet users can become at risk by simply browsing to a maliciously rigged Web site or opening a specially crafted e-mail message.

Read the full story on eWEEK.com: Web Attackers Train Guns on Patched Windows MDAC Flaw

Get the Free Newsletter!

Subscribe to Daily Tech Insider for top news, trends, and analysis.

Latest Articles