This is a bad one, and there is proof-of-concept code for exploiting this one in the wild: think Code Red, Blaster, Sasser... Patch and enjoy.
Out-of-Cycle Patch for Windows Released Today...
Actually, Vista and Server 2008 are better equipped to deal with this particular exploit: the exploit will "work", but it only works using an authenticated user's credentials (which really means it doesn't work...it's not really any different than any other RPC command). The OS authenticates first, which stops it from propagating amok; the ticklish part is that if the worm presents good credentials, then this becomes an elevation of privilege exploit. Note that this is only with the code which has been demonstrated; newer versions of the code could conceivably be written to work for Vista/Server 2008.
I'm sure a LOT of hackers are going to look at how Vista/Server 2008 uses this for the next Worm. It's not impossible to exploit, just more difficult. 2000, XP and Server 2003 are extremely vulnerable if not behind a firewall of some kind, because their RPC engine reads the code first, then authenticates... since this is an overflow, the payload is already executing before authentication can be done.

Hey, Donny! We got us a German who wants to die for his country... Oblige him. - Lt. Aldo Raine