More attack code surfaces for recent MS security holes
Just days after Microsoft Corp. warned its customers about the release of code that can exploit a hole in its Secure Sockets Layer (SSL) library, new code that claims to exploit another recently disclosed hole surfaced on a French language Web site.
The computer code can be used by a remote attacker to trigger a buffer overrun vulnerability in the Local Security Authority Subsystem Service (LSASS), according to a message posted to www.k-otik.com. Microsoft released a patch for the LSASS vulnerability,
MS04-011, on April 13, along with fixes for the SSL problem and a number of other vulnerabilities.