Windows 2000 and Windows XP Exploit Code Published

Microsoft announced today that proof of concept code had been released for the recently fixed vulnerability in the Workstation service in Windows 2000 and Windows XP SP2. As of this posting Microsoft has not seen any indications of active exploitations of this vulnerability.

Here is the link to the security advisory:

Microsoft is aware of public proof of concept code targeting the vulnerability addressed by security update MS06-070. At this time Microsoft has not seen any indications of active exploitation of the vulnerability Microsoft has activated its emergency response process and is continuing to investigate this public report. Source: Microsoft Security Advisory (928604) via

Here is the original security bulletin:

This update resolves a newly discovered, privately reported, vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.

An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Source: Microsoft Security Bulletin MS06-070

They say you can help block this vulnerability by Blocking TCP ports 139 and 445 at the firewall.