More attack code surfaces for recent Microsoft security holes
Just days after Microsoft warned its customers about the release of code that can exploit a hole in its Secure Sockets Layer (SSL) library, new code that claims to exploit another recently disclosed hole surfaced on a French language Web site. The computer code can be used by a remote attacker to trigger a buffer overrun vulnerability in the Local Security Authority Subsystem Service (LSASS), according to a message posted to www.k-otik.com. Microsoft released a patch for the LSASS vulnerability, MS04-011, April 13, along with fixes for the SSL problem and a number of other vulnerabilities. Full Story