Within the last week, two large-scale releases of malicious code have included exploits for a vulnerability that Microsoft patched in April 2006. The weekend's defacement of more than 70,000 Web sites and the installation of an MBR rootkit both require exploitation of the number of older vulnerabilities, including MS06-014. Why bother?
The original security bulletin for MS06-014 was posted back in April 2006. It concerned a flaw within the Microsoft Data Access Components (MDAC), specifically within the RDS.Dataspace ActiveX control, that is part of the ActiveX Data Objects (ADO) distributed in MDAC. Shortly after the patch was … Read more