By Wednesday afternoon, a handful of exploits were already in use, according to Johannes Ullrich of the SANS Internet Storm Center.
Ullrich reported that exploits for both MS06-24, a patch for a Windows Media Player flaw, and MS06-025, a routing and remote access service (RRAS) patch, were both released by a penetration testing vendor to customers.
An exploit for a flaw in Microsoft Word that allows remote code execution was available before the release of the patch, according to SANS, while two exploits for a SMB privilege escalation flaw were also released to the public.
DoS exploits for an IP source routing exploit were also released, according to SANS.
Microsoft released 12 patches for 21 flaws on Tuesday, its largest bulletin release in more than a year. Eight of the patches were deemed critical by Microsoft.
The Redmond, Wash., computing company also released three bulletins it called "important," and one patch for a "moderate" flaw.
_(22).jpg&h=140&w=231&c=1&s=0)
_(20).jpg&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
