Exploit Code for Critical Windows Flaw in the Wild
Article by George Norman
On 29 Oct 2008
Remember the out-of-date security patch that Microsoft released the other week, the one that was deemed critical for XP and Windows Server users? We were all taken by surprise when Microsoft announced it, because they are not in the habit of breaking the long-lasting Patch Tuesday tradition – that is unless some crafty hackers are already exploiting a flaw within Windows.

Here is a quick reminder: by exploiting the way in which RPC requests are handled by Windows Server, the attacker could potentially take over a targeted machine (get access to files stored on it, delete said files, install malicious programs on said machine, and so on). The security experts that figured out an exploit, announced it to the public but kept the technical details under wraps for obvious reasons. As is the case with the Internet, you can never keep information away from the public for too long and consequently an exploit code for the MS08-67 vulnerability has leaked out.

Advertising

The exploit code does indeed work, and that is why you need to patch your system right away (assuming you did not do this last week). There are several proof-of-concept exploits available on the net, but they will have no effect on an updated, patched Windows-based operating system.

According to security solutions provider PandaLabs, the vulnerability is already being used by people with malicious intent in order to access confidential data. For example, the Gimmiv.A Trojan detected by PandaLabs will gather the following info: user names and passwords fed to web applications; MSN and Outlook Express passwords; browser details, computer and system name; what patches are installed on the machine. Once collected, all that data is then relayed to a remote server.

There are two exploit codes that caught our attention: the Milw0rm and the one added to the Metasploit attack tool.



Tags: Microsoft, Windows, MS08-67
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 24 Feb 2017
Looking for something to play this weekend but you don’t want to purchase anything? You’re in luck, because Steam’s giving you the change to play these three games for free.
By George Norman on 22 Feb 2017
What’s better than getting to play a game before everyone else? Getting to play it for free, of course! That’s the case with Tom Clancy’s Ghost Recon Wildlands, the open world military shooter that is...
Related News
By George Norman on 07 Oct 2016
Right out of the box, BitTorrent offers a pretty enjoyable user experience. There’s room for improvement though, and all you have to do is turn off a few settings that are enabled by default.
By George Norman on 26 Sep 2016
The thing that annoys me about Windows Photo Viewer is that the background color isn’t black. Not by default anyway. But with a bit of tinkering, it can easily be changed to black.
By George Norman on 23 Sep 2016
With the release of version 3.0, nearly everything about TunnelBear has been improved. But the thing that will strike you most is the redesigned, brand new interface.
By George Norman on 05 Sep 2016
Google recently updated Chrome for desktop and, among other things, tweaked the web browser’s interface so that it is in line with the company’s Material Design philosophy.
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Exploit Code for Critical Windows Flaw in the Wild
HTML Linking Code