The exploit is against the MSDTC vulnerability within Windows, which was patched Tuesday by Microsoft and outlined in its MS05-051 security bulletin. Because the MSDTC component -- which coordinates any sort of transaction on multiple servers -- is enabled by default and remotely exploitable on Windows 2000 systems, experts fear that the bug will result in a repeat of the Zotob attacks of August. Most security analysts named the flaw as the most dangerous of Tuesday's bunch.
Wednesday, an exploit was made available to customers of Immunity Security's Canvas vulnerability tool, said security giant Symantec in an alert to users of its DeepSight Threat Management System.
"It's a fully-functional exploit that's shipping to [Canvas] customers," said Alfred Huger, the senior director of engineering for Symantec's security response team.
Huger believes that a working exploit will soon hit vulnerable systems. "If [Immunity] can write it, others will, too. Expect something in pretty short order."
The Zotob bot worm appeared just five days after the disclosure of a Plug and Play vulnerability in Windows 2000, and Huger wouldn't be surprised to see the pattern repeat.
"This vulnerability will be impossible for some [hackers] to resist," Huger said. "The target environment is just too rich." Download free scanner tool!<!-- PAGE NUMBERS -->