Microsoft's Patch Tuesday filled with zero-day exploits

14.04.2009
Patch Tuesday arrived with a nasty twist, as six of the spread among the eight patches are already being threatened by exploit code in the wild.

Experts say zero-day exploits exist for vulnerabilities addressed in MS09-009, MS09-010 and MS09-012. Only the MS09-012 patch is not rated as critical. All three patches contain the fixes to thwart the exploits. ( of affected software by patch number). 

Patches MS09-013 and MS09-014, both rated critical, address three vulnerabilities for which exploit tools are publicly available. Both protect against a credential reflection attack that has been a lingering problem.

And attack details are available for vulnerabilities fixed by MS09-015, which is rated moderate and affects Windows and Windows Server versions.

"That window where you had the luxury of not patching, that is shrinking fast," says Wolfgang Kandek, CTO of Qualys. "Here the window is zero for some of these vulnerabilities, and where the exploit code is public it will not take hackers long to get code out there."

Kandek says Qualys is seeing people getting more "professional" with their attacks. "It is not the hobbyists anymore, there are some real research teams spending resources on this, analyzing code and putting out exploits."