February 09, 2010, 9:22 PM — Some of the bugs Microsoft patched today will be exploited by hackers almost immediately, security researchers predicted.
Microsoft's massive update -- a record-tying 13 separate security bulletins that patched 26 vulnerabilities -- gives attackers all kinds of ways to compromise machines and hijack PCs.
Even Microsoft said so: 12 of the 26 vulnerabilities, or 46% of the total, were tagged with a "1" in the company's exploitability index, meaning that Microsoft figures they will be exploited with reliable attack code in the next 30 days.
But some of the flaws will be exploited long before others, said researchers interviewed today.
"The vulnerabilities in MS10-006 and MS10-012 will probably be exploited in just a few days," said Jason Avery, manager of TippingPoint's Digital Vaccine group. "I think exploits for the PowerPoint vulnerabilities [in MS10-004] will also be disclosed within a few days, based on the information we have from ZDI and what we've heard through MAPP."
TippingPoint's Zero Day Initiative (ZDI) -- one of the two major bug bounty programs in the U.S. -- reported information about two of the six PowerPoint flaws to Microsoft. MAPP (Microsoft Active Protection Program) provides technical information about the vulnerabilities it plans to patch to vetted security software developers prior to the release of those updates.
MS10-006 and MS10-012 both involve SMB (Server Message Block), Windows file- and print-sharing protocols, but are not related. Avery based his bet of quick exploitation on the fast hacker reaction to a patch in October 2008. Then, attacks quickly used an exploit of MS08-067, a patch to Windows Server service, to hijack millions of PCs with the Conficker malware .
The PowerPoint update, MS10-004 , was also pegged today by Jason Miller, security and data team manager of patch management vendor Shavlik Technologies, as one that hackers will gravitate toward.