Hackers can use new patches of Microsoft for the attacks

The Qualys company this week showed how after the patch research from Microsoft to start the attack for failure of service on the DNS server running Windows. In the same way hackers can act, making the attacks. Specialists urge to set patches of Microsoft immediately after their monthly exit.

The patch used by Qualys intended for closing of two tears in the system of the Windows DNS server. By parameters of Microsoft they were estimated as critical. The company stated that it did not expect a possibility of use by hackers of these vulnerabilities within a month, but Qualys showed how it is possible to apply exploits.

The engineer of Qualys Bharat Jogi in the blog wrote that in the company decided to conduct a patch research for the best understanding of the mechanism of vulnerability and found out that it can be activated several simple actions. "As the described experiment is shown by service failure, attacking quite can provide accomplishment of a malicious code", - Jogi noted.

Qualys used the instrument of "bit comparison" under the name TurboDiff to compare the corrected and uncorrected versions of files of the attacked DNS server. Such procedure helps experts in the field of security "understand the made changes for elimination of vulnerabilities which this patch is designed to correct", but also can help hackers to receive data - how to use vulnerability, and to apply it against systems on which security update is not set.

After vulnerabilities were revealed, Qualys installed two DNS servers in laboratory and led one of them to failure, having made several teams. After this experience the company recommended to the clients to execute scanning by means of the software of own development of QualysGuard and "carry out updating of a security system as soon as possible".

Correction for the DNS server under Windows was one of two critical corrections made Microsoft this month. Other patches eliminated seven "holes" of century Internet Explorer. Concerning a patch for IE Microsoft warned that clients "possibly, will face the operating exploits in the next 30 few days".

Security systems specialists of Windows recommend to carry out updating by means of corrections immediately, after their receiving.