Ginormous Windows remote code execution vulnerability

  • bascule
    omgpwnies!
    • Jul 2003
    • 1946

    #1

    Ginormous Windows remote code execution vulnerability

    http://support.microsoft.com/kb/958644

    There's a remote code execution vulnerability in virtually every relevant version of Windows released. The vulnerability is in the "Server service", which provides file and print sharing among other things.

    Raise your hand if you think a new worm is on the way...
    Poll results (9 votes):
    Yes: 55.56% (5)
    No: 0% (0)
    I don't know: 11.11% (1)
    I don't care: 0% (0)
    I have the invisible hand of economics, can't you tell if it is up or down?: 33.33% (3)

    The poll is expired.

    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
    [ redacted ]
  • bascule
    omgpwnies!
    • Jul 2003
    • 1946

    #2
    Re: Ginormous Windows remote code execution vulnerability

    Here's a bit more information on it:

    http://www.infoworld.com/article/08/...s_patch_1.html
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
    [ redacted ]

    • TheCotMan
      *****Retired *****
      • May 2004
      • 8857

      #3
      Re: Ginormous Windows remote code execution vulnerability

      Yep. A new worm is almost certain. So, which spammer will have a brand new pack of zombie hosts? Any guesses on what abusive purpose will be first to take advantage of this as a worm? Distributed password cracking? Spamming? Click-through banner and advertising hit augmentation? pop-up software installs? Torrent servers or file servers for "warez" (illegally pirated software.)

      • Thorn
        Easy Bake Oven Iron Chef
        • Sep 2002
        • 1819

        #4
        Re: Ginormous Windows remote code execution vulnerability

        MS is sending this out aggressively on the Automatic Update system, and MS Partners have been sent an email saying that this is a high priority patch for themselves first and then all their clients.
        Thorn
        "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

        • C-Rex
          Member
          • Aug 2008
          • 12

          #5
          Re: Ginormous Windows remote code execution vulnerability

          Got myself a front row seat here at the ol'MS datacenter.
          A lot of frantic patching goin on round here.

          Also, New York Times reporting exploit code is now live.

          My poor servers at home! God! When will this shift END!

          • Gadsden
            Goon
            • Jul 2002
            • 1241

            #6
            Re: Ginormous Windows remote code execution vulnerability

            Yup.. cover your cornholes.. it has gone from being silently exploited in the wild to a worm/trojan:
            http://security.blogs.techtarget.com...vulnerability/
            Happiness is a belt-fed weapon.

            • TheCotMan
              *****Retired *****
              • May 2004
              • 8857

              #7
              Re: Ginormous Windows remote code execution vulnerability

              Originally posted by TheCotMan
              Yep. A new worm is almost certain. So, which spammer will have a brand new pack of zombie hosts? Any guesses on what abusive purpose will be first to take advantage of this as a worm? Distributed password cracking? Spamming? Click-through banner and advertising hit augmentation? pop-up software installs? Torrent servers or file servers for "warez" (illegally pirated software.)
              Originally posted by che
              Yup.. cover your cornholes.. it has gone from being silently exploited in the wild to a worm/trojan:
              http://security.blogs.techtarget.com...vulnerability/
              I guess the winner payload of the first exploit is, "Data Harvesting/Credential Harvesting."

              Nice link che. :-)

              • 0x58
                a.k.a X-Istence
                • Oct 2006
                • 183

                #8
                Re: Ginormous Windows remote code execution vulnerability

                Exploit proof of concept is up on milw0rm in case anyone is interested in the code!

                • Gadsden
                  Goon
                  • Jul 2002
                  • 1241

                  #9
                  Re: Ginormous Windows remote code execution vulnerability

                  Snort sigs here:
                  http://www.emergingthreats.net/cgi-b...PLOIT_MS08-067
                  Happiness is a belt-fed weapon.

                  • xor
                    not
                    • Aug 2007
                    • 1347

                    #10
                    Re: Ginormous Windows remote code execution vulnerability

                    Anyone have a timeline on this? Just curious.

                    xor

                    By the way Kudos to Bascule for always being on top of this stuff. We need to give him an award or something. I bet you were awesome at quick draw as a kid.
                    Last edited by xor; October 24, 2008, 15:48.
                    Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

                    • bascule
                      omgpwnies!
                      • Jul 2003
                      • 1946

                      #11
                      Re: Ginormous Windows remote code execution vulnerability

                      So yeah, the answer is "yes"
                      45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
                      45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
                      [ redacted ]
