On mySimon: Meguiar's Gold Class Premium Car Wax
BNET Business Network:
BNET
TechRepublic
ZDNet

January 29th, 2008

Immunity launches exploit for 'unlikely' Windows worm hole

Posted by Larry Dignan @ 5:20 pm

Categories: Exploit code, Hackers, Microsoft, Pen testing, Responsible disclosure, Viruses and Worms, Vulnerability research, Windows Vista, Zero-day attacks

Tags: Vulnerability, Security Company, Microsoft Corp., Exploit, Tcp/Ip, Microsoft Windows, Security, Networking, Operating Systems, Software

A workable exploit attack for a TCP/IP vulnerability in Microsoft’s Windows has been launched into the wild courtesy of security firm Immunity.

On Jan. 17, it became clear that you shouldn’t dawdle on deploying Microsoft’s MS08-001 patch. That patch, issued Jan. 8, fixed a Transmission Control Protocol/Internet Protocol (TCP/IP) processing vulnerability that was critical for XP and Vista. After security firm Immunity issued a proof of concept, Microsoft acknowledged the vulnerability, but said an attack was “unlikely.”

With Microsoft’s assessment it basically threw down the gauntlet. A few days later Immunity is at it again–this time with a workable exploit.

Immunity ships exploits for its paying subscribers has issued a flash movie detailing the exploit in action. It isn’t 100 percent reliable, but the odds are better than unlikely now.

Here are a few screens from the movie:

immunity.png

And.

immunity2.png

Your turn Microsoft. Ryan Naraine has more.

Larry DignanLarry Dignan is Editor in Chief of ZDNet and Editorial Director of ZDNet sister site TechRepublic. See his full profile and disclosure of his industry affiliations.

  • Talkback
  • Most Recent of 14 Talkback(s)
ever heard of triage
It happens everywhere. It's the process of trying to decide which "patients" are critical, which are lost causes and which can wait a while because nothing is going to happen in the immediate future.... (Read the rest)
Posted by: mombo Posted on: 01/31/08 You are currently: a Guest | | Terms of Use
lol  CobraA1 | 01/29/08
Exactly  rpmyers1 | 01/29/08
Unless...  flatliner | 01/30/08
RE: Immunity launches exploit for 'unlikely' Windows worm hole  sshoemaker@... | 01/29/08
exploit works locally and on winxp only  qmlscycrajg | 01/30/08
Yeah ... for now ... (NT)  OButterball | 01/30/08
RE: Immunity launches exploit for 'unlikely' Windows worm hole  mombo | 01/30/08
You're missing the critical difference  masonwheeler | 01/30/08
Well...  ego.sum.stig@... | 01/30/08
Microsoft has released a patch  PB_z | 01/30/08
Divulging an exploit:  Boot_Agnostic | 01/30/08
Forgot  Boot_Agnostic | 01/30/08
RE: Immunity launches exploit for 'unlikely' Windows worm hole  djchandler | 01/30/08
ever heard of triage  mombo | 01/31/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
Microsoft Dynamics CRM Online - Free Six-Month Trial for Eligible Organizations
Microsoft Dynamics CRM Online provides fast online access, simple contact management and better sales performance for a low monthly cost - the best value on the market today.
Learn more about the free, six-month trial offer>>
Learn more about tools to grow your business
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
Save time with the UPS Business Essentials Guide
The more you simplify, the more you save
When you transition from your existing Red Hat environment to SUSE Linux Enterprise from Novell, you can recognize dramatic cost savings, perhaps as much 50%
Learn more >>
Reduce risk. Reduce complexity. Increase reliability.
A simplified IT environment isn't just less complex. It's also more reliable. Standardize on a single Linux platform with SUSE Linux Enterprise from Novell, and get the world's most interoperable Linux
Learn more >>
Keep Up With The Latest In Document Management with The DocuMentor.
Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
Learn more >>
The best support in the Linux business
If Linux is going to power your mission-critical applications, you'd better have the best support known to business. Novell was rated the top provider of Linux technical support.
Learn more >>
advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads