Thread: Only a few days left until MSBlast 2
View Single Post
Old 09-17-2003, 10:47 PM   #1 (permalink)
smurfbizkit
Senior Member
 
Join Date: Sep 2001
Posts: 1,094
Send a message via ICQ to smurfbizkit Send a message via AIM to smurfbizkit Send a message via MSN to smurfbizkit
Default Only a few days left until MSBlast 2
found this on another forum, figured I should post it...

Quote:
The source code of a working exploit for the RPCSS vulnerabilities discovered on September 12th was posted early this morning, meaning there are only a few days left before a worm using the code will be created and released. This was first reported on full-disclosure and there is now an article in The Reg about it. This exploit uses VU#254236 RPCSS Long Filename Overflow, which allows complete local system privileges to any attacker. There is also an attack tool out for VU#326746 RPC Denial of Service which can reportedly crash every vulnerable Windows machine on a subnet in under a minute.

So if you run Windows NT4/2000/XP/2003, make sure you follow the instructions to secure your system while there's still time:

http://www.cert.org/advisories/CA-2003-23.html#solution

You should also begin checking for emergency virus definition updates that will become available when the worm is released:

http://www.networkassociates.com/us/...es/default.asp
http://securityresponse.symantec.com.../download.html

Hopefully people learned from the first MSBlast worm an this one won't spread as fast, but that seems unlikely given the fact that people had four times as long to patch last time and they still didn't get around to it.
smurfbizkit is offline   Reply With Quote