Critical Microsoft exploit alert
p2p news / p2pnet: Microsoft is gearing up for a disruptive attack, "similar to the Zotob worm that hit several high-profile targets in August 2005," says eWeek.
At the time, F-Secure’s Mikko Hyppönen wrote of the worm, "this one was using a brand new exploit against a brand new vulnerability: the MS05-039 PnP hole."
Now, Microsoft Windows users, especially businesses running Windows 2000, should pay attention to a special warning about exploit code that zeroes in on a vulnerability Microsoft has labeled "critical".
The code was released by security consultant H.D. Moore, "as part of the Metasploit Framework, an open-source tool for penetration testing and exploit development," says the story.
Microsoft’s security response unit "is strongly urging" Windows users to patch vulnerabilities detailed in MS06-025, "because of the potential for a worm attack," says the story, going on:
"The MS06-025 bulletin provides fixes for a pair of code execution flaws in the RRAS (Routing and Remote Access Service) in Windows. On Windows 2000 systems, the flaws carry a "critical" rating because it presents a remote unauthenticated attack vector.
"Both flaws could allow a remote attacker to take "complete control" of an affected system and because of the "blow-by-blow" description of the exploit, "Microsoft is bracing for the possibility of a disruptive attack similar to the Zotob worm that hit several high-profile targets in August 2005," says eWeek.
Affected Software:
- Microsoft Windows 2000 Service Pack 4 – patch
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 – patch
- Microsoft Windows XP Professional x64 Edition – patch
- Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 – patch
- Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems – patch
- Microsoft Windows Server 2003 x64 Edition – patch
Patches for Microsoft Windows Server 2003, Windows Server 2003 Service Pack 1, and Windows Server 2003 x64 Edition also apply to Windows Server 2003 R2, says Microsoft, also pointing out Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) aren’t affected.
Also See:
Zotob worm – Zotob creators arrested, August 27, 2005
brand new exploit – Zotob worm outbreak, August 23, 2005
eWeek – ‘Detailed Exploit’ Published for Critical Windows Flaw, June 26, 2006
June 27th, 2006 at 4:32 pm
How in bloody BLAZES was this (Microsoft “Windows”) OS *ever* let out the door of Redmond? Christ on a crutch; if General Motors *purposely* (as appears to be the case with Micro$oft) engineered such unreliability into their various product lines, then GM would have *long* since been (figuratively) pushing up daisies, and nobody would miss them.
I saw a certain troika (Bill & Melinda, also Warren Buffett) on “Charlie Rose” last night, and there were more than a few moments where I wanted to do nothing more than release the contents of my stomach (i.e. “puke”). Who was it who said “There is nothing so honored as an ancient evil”? That certainly (imho) applies to Bill Gates (and let’s not forget Andrew Carnegie; Molly Maguires, anybody?), John D. Rockefeller Sr. (founder of Standard Oil), and probably a few others. Predatory business-practices early in life, then trying to wash their spiritual slate clean by giving away money afterwards?
I’d probably not include Mr. Buffett, but Bill certainly qualifies.
June 27th, 2006 at 8:57 pm
As a software developer I do know that bugs in software are inevitable. When a manufacturer releases software it is because the testing period has ended and most bugs have been discovered. An operating system is no different, just more complex. Some bugs are very hard to find and some bugs are not bugs at all, but the way that an option is handled. So the bottom line is that sometimes bugs are not discovered until long after the software has completed the testing period.
June 28th, 2006 at 7:05 pm
Are you a M$ shill??? Sounds like it.
June 28th, 2006 at 7:08 pm
This particular post is NOT where it BELONGS! It is ACTUALLY in answer to the post by the self-professed ‘software developer’.
June 28th, 2006 at 7:11 pm
This is a great example of Microsoft Patches breaking things instead of fixing them. This is why I haven’t installed their patches since SP2 forced its way onto my machine.