Exploit Code for Critical Windows Flaw in the Wild
Article by George Norman
On 29 Oct 2008
Remember the out-of-date security patch that Microsoft released the other week, the one that was deemed critical for XP and Windows Server users? We were all taken by surprise when Microsoft announced it, because they are not in the habit of breaking the long-lasting Patch Tuesday tradition – that is unless some crafty hackers are already exploiting a flaw within Windows.

Here is a quick reminder: by exploiting the way in which RPC requests are handled by Windows Server, the attacker could potentially take over a targeted machine (get access to files stored on it, delete said files, install malicious programs on said machine, and so on). The security experts that figured out an exploit, announced it to the public but kept the technical details under wraps for obvious reasons. As is the case with the Internet, you can never keep information away from the public for too long and consequently an exploit code for the MS08-67 vulnerability has leaked out.

Advertising

The exploit code does indeed work, and that is why you need to patch your system right away (assuming you did not do this last week). There are several proof-of-concept exploits available on the net, but they will have no effect on an updated, patched Windows-based operating system.

According to security solutions provider PandaLabs, the vulnerability is already being used by people with malicious intent in order to access confidential data. For example, the Gimmiv.A Trojan detected by PandaLabs will gather the following info: user names and passwords fed to web applications; MSN and Outlook Express passwords; browser details, computer and system name; what patches are installed on the machine. Once collected, all that data is then relayed to a remote server.

There are two exploit codes that caught our attention: the Milw0rm and the one added to the Metasploit attack tool.



Tags: Microsoft, Windows, MS08-67
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 28 Jun 2017
The last time that Yahoo Mail changed its design was back in October 2013, when it celebrated its "sweet sixteen." That old design has now been replaced with a new one, and here's everything that's changed.
By George Norman on 26 Jun 2017
Remember the classic SEGA games of old, the ones that you used to play as a kid? Well, SEGA is taking you on a nostalgia trip by giving you the chance to play these games once more, but this time on your mobile.
Related News
By George Norman on 22 Mar 2017
Buying a new computer is no easy thing. It is a big investment and a big decision that you shouldn’t just rush into. That’s why you have to mull things over and ask yourself a few very important questions.
By George Norman on 07 Jun 2017
Yes, I know that the global PC market is in a downwards spiral for its nth quarter and that mobile usage is on the rise. Still, I argue that a desktop PC is better than all the other alternatives.
By George Norman on 20 Mar 2017
Google Chrome, the web browser that has more than 1 billion users and loads more than 771 billion pages each month, is best known for its minimal interface, lightning fast speed, and wealth of settings. Hidden among them are...
By George Norman on 31 May 2017
Having lots of devices connected to your network and the internet isn't a problem, as long as you keep the bad guys out of the picture. That’s crucial, because they'll exploit any vulnerability that they can find.
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Exploit Code for Critical Windows Flaw in the Wild
HTML Linking Code