eEye Digital Security is alerting administrators to the existence of exploit code for the recently added Plug and Play Service vulnerability, which Microsoft patched this week as part of the August Security Update (security bulletin MS05-039).
About the Exploit
Today, several instances of exploit code targeting the vulnerability discussed in MS05-039 were released to the world. The eEye Research Team, upon discovering two instances of exploit code online, conducted thorough testing to confirm that both present a legitimate threat to Windows 2000 systems (completely patched SP 4 with all hotfixes). One exploit, released by an anonymous author, will bind a command prompt to TCP port 8721.
eEye reiterates our original position that users should consider this patch highly critical, and that it should be installed as soon as possible. For networks with multiple versions of Windows operating systems, eEye recommends allocating resources to remediate systems in this order:
* Windows 2000 (All Service Packs)
* Windows NT
* Windows XP
* Windows 2003
As a refresher, the vulnerability is an unchecked buffer in the Plug and Play service that can be exploited for privilege escalation or to run code remotely as SYSTEM. Users running Windows 2000 are vulnerable to a potential worm attack that would take advantage of this flaw. The Microsoft patch updates the Plug and Play service code to validate the length of a message before passing it to the allocated buffer.
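As an added triage example (not eEye's or Microsoft's code), the following Python sketch checks Windows `netstat -an` output for a listener on TCP port 8721 and queues unpatched hosts in the remediation order listed above. The inventory keys, host names and netstat snapshots are constructed assumptions. A listener on 8721 only indicates the one exploit described above, so its absence does not show a host is clean.

```python
BIND_PORT = 8721  # port one published exploit binds a command prompt to (per the advisory)
# eEye's remediation order from the advisory, highest priority first.
OS_PRIORITY = ["Windows 2000", "Windows NT", "Windows XP", "Windows 2003"]

def listeners_on(netstat_text, port=BIND_PORT):
    """Local addresses with a TCP socket LISTENING on `port` in Windows `netstat -an` output."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have four columns: Proto, Local Address, Foreign Address, State.
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue
        local, state = fields[1], fields[3].upper()
        # rpartition on the last ':' isolates the port even for bracketed IPv6 addresses.
        if state == "LISTENING" and local.rpartition(":")[2] == str(port):
            hits.append(local)
    return hits

def os_rank(os_name):
    """Position in OS_PRIORITY; unrecognised systems sort last."""
    for rank, prefix in enumerate(OS_PRIORITY):
        if os_name.startswith(prefix):
            return rank
    return len(OS_PRIORITY)

def triage(inventory):
    """Listener hosts first, then unpatched hosts in eEye's OS order; patched clean hosts are omitted."""
    queue = []
    for item in inventory:
        suspect = bool(listeners_on(item["netstat"]))
        if suspect or not item["patched"]:
            queue.append((not suspect, os_rank(item["os"]), item["host"]))
    return [host for _, _, host in sorted(queue)]

# Constructed sample data: host names, addresses and patch states are invented.
CLEAN = "  TCP    0.0.0.0:135      0.0.0.0:0         LISTENING\n"
SAMPLE_INVENTORY = [
    {"host": "xp-desk", "os": "Windows XP SP2", "patched": False, "netstat": CLEAN},
    {"host": "w2k-file", "os": "Windows 2000 SP4", "patched": False,
     "netstat": CLEAN + "  TCP    0.0.0.0:8721     0.0.0.0:0         LISTENING\n"},
    {"host": "w2k3-web", "os": "Windows 2003", "patched": True, "netstat": CLEAN},
    {"host": "nt-print", "os": "Windows NT 4.0", "patched": False,
     # Outbound connection to port 8721 elsewhere: not a local listener, must not match.
     "netstat": CLEAN + "  TCP    10.0.0.7:1043    10.0.0.9:8721     ESTABLISHED\n"},
    {"host": "w2k-dev", "os": "Windows 2000 SP4", "patched": False, "netstat": CLEAN},
]
if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```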
MS05-039
Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (89958
Microsoft Severity Rating: Critical
http://www.microsoft.com/technet/security/bulletin/MS05-039.mspx
Posted on Friday, 12 August 2005 @ 18:41:50 UTC by Paul