Attack code puts Windows PCs at risk

Two new pieces of computer code that could spawn attacks on Microsoft Windows PCs have been released onto the Internet, CNET reports.

The first exploit code takes advantage of a “critical” flaw in the Windows Dynamic Host Configuration Protocol, or DHCP, client. An attacker could gain full control over an unpatched Windows computer using the exploit.

On July 11, Microsoft released a fix for the problem in security bulletin MS06-036, and people who have applied that update are protected.

The second, proof-of-concept code targets a security hole in a Windows component called “mailslot,” which Microsoft patched in bulletin MS06-035.

However, Microsoft said it believes the code takes advantage of a new flaw. The company is monitoring this situation and may issue another patch to fix the variant.