Exploit Code for Critical Windows Flaw in the Wild
Article by George Norman
On 29 Oct 2008
Remember the out-of-date security patch that Microsoft released the other week, the one that was deemed critical for XP and Windows Server users? We were all taken by surprise when Microsoft announced it, because they are not in the habit of breaking the long-lasting Patch Tuesday tradition – that is unless some crafty hackers are already exploiting a flaw within Windows.

Here is a quick reminder: by exploiting the way in which RPC requests are handled by Windows Server, the attacker could potentially take over a targeted machine (get access to files stored on it, delete said files, install malicious programs on said machine, and so on). The security experts that figured out an exploit, announced it to the public but kept the technical details under wraps for obvious reasons. As is the case with the Internet, you can never keep information away from the public for too long and consequently an exploit code for the MS08-67 vulnerability has leaked out.

Advertising

The exploit code does indeed work, and that is why you need to patch your system right away (assuming you did not do this last week). There are several proof-of-concept exploits available on the net, but they will have no effect on an updated, patched Windows-based operating system.

According to security solutions provider PandaLabs, the vulnerability is already being used by people with malicious intent in order to access confidential data. For example, the Gimmiv.A Trojan detected by PandaLabs will gather the following info: user names and passwords fed to web applications; MSN and Outlook Express passwords; browser details, computer and system name; what patches are installed on the machine. Once collected, all that data is then relayed to a remote server.

There are two exploit codes that caught our attention: the Milw0rm and the one added to the Metasploit attack tool.



Tags: Microsoft, Windows, MS08-67
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
By George Norman on 07 Jun 2017
Yes, I know that the global PC market is in a downwards spiral for its nth quarter and that mobile usage is on the rise. Still, I argue that a desktop PC is better than all the other alternatives.
By George Norman on 24 Jul 2017
As someone who has been using Firefox day-to-day for a very – VERY – long time, I’ve grown to know a lot about Mozilla’s web browser. As such, I thought it a good idea to share part of my knowledge with you and highlight 10 tips & tricks that I’m sure you’ll find very useful.
By George Norman on 31 May 2017
Having lots of devices connected to your network and the internet isn't a problem, as long as you keep the bad guys out of the picture. That’s crucial, because they'll exploit any vulnerability that they can find.
By George Norman on 26 Jul 2017
Top-notch real-time protection against viruses doesn’t have to cost money, not if you go with the recently introduced Kaspersky Free antivirus solution. It may not come with a lot of bells and whistles, but it nicely covers all the basics and...
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Exploit Code for Critical Windows Flaw in the Wild
HTML Linking Code