Symantec on Friday warned that a working exploit has appeared for one of the vulnerabilities Microsoft revealed last week, making it even more imperative that the patch be deployed.
The vulnerability, dubbed MS05-030 by Microsoft on June 14, relates specifically to Outlook Express, the bare-bones e-mail client packaged with Windows. According to Microsoft, Outlook Express has a bug in its NNTP parsing function that hackers can exploit by creating a news server loaded with malicious code.
Although Microsoft said in its bulletin that users who rely on Outlook Express (OE) as their newsgroup reader are primarily at risk, Symantec noted that because of OE's tight integration with Internet Explorer, past exploits have been able to compromise systems even when OE wasn't actually used on the vulnerable PCs.
Windows 2000, XP, and Server 2003 are affected by this, although Windows XP SP2 is not.
Exploit code for this vulnerability has gone public, Symantec said, and pointed to a French firm, FrSIRT, that had posted the code on its Web site.
If Microsoft's patch cannot be deployed, Symantec recommended that users disable Outlook Express as the news:// URL handler by removing the Windows registry key "HKEY_CLASSES_ROOT\news\shell\open\command" and blocking access to untrusted NNTP servers at the perimeter.
Microsoft Security Bulletin MS05-030