October 28th, 2008
Exploit published for Windows worm hole
Reliable exploit code for the remote code execution vulnerability patched with Microsoft’s MS08-067 update has been posted to the Internet, prompting a new “patch immediately” advisory from the Redmond software maker.
The exploit, which has been added to the freely available Metasploit point-and-click attack tool, provides a roadmap for code execution on Windows 2000, Windows XP, and Windows Server 2003.  A second exploit has been posted to Milw0rm.com, increasing the likelihood of in-the-wild malware attacks.
[ SEE: MS ships emergency patch for Windows worm hole ]
From the Microsoft advisory:
- Our investigation of this exploit code has verified that it does not affect customers who have installed the updates detailed in MS08-067 on their computers. Microsoft continues to recommend that customers apply the updates to the affected products by enabling the Automatic Updates feature in Windows.
Several proof-of-concepts have also been publicly released.
Microsoft shipped an out-of-band update last week to plug the hole after discovering “limited, targeted attacks” against Windows users.  The attacks included the use of reconnaissance Trojans hijacking sensitive system information.
The vulnerability is due to the Windows Server service not properly handling specially crafted RPC requests. The vulnerable Windows Server service provides RPC support, file and print support, and named pipe sharing over the network. It is also used to allow the sharing of your local resources (such as disks and printers) so that other users on the network can access them.
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.
