found this on another forum, figured I should post it...
Quote:
The source code of a working exploit for the RPCSS vulnerabilities discovered on September 12th was posted early this morning, meaning there are only a few days left before a worm using the code will be created and released. This was first reported on full-disclosure and there is now an article in The Reg about it. This exploit uses VU#254236 RPCSS Long Filename Overflow, which allows complete local system privileges to any attacker. There is also an attack tool out for VU#326746 RPC Denial of Service which can reportedly crash every vulnerable Windows machine on a subnet in under a minute.
So if you run Windows NT4/2000/XP/2003, make sure you follow the instructions to secure your system while there's still time:
Hopefully people learned from the first MSBlast worm an this one won't spread as fast, but that seems unlikely given the fact that people had four times as long to patch last time and they still didn't get around to it.
oops I mean can other operating systems be infected
AFAIK, not
This versions attacks trough an exploit in filename length, and both Unix and Windows have other filename definitions (the former better then the last, I might add... )
ME is NOT win 2000. i dont think ME is affected (the 1st one didnt touch ME or the other win 9x OS's). are these worms exploiting something that is due to the getting rid of DOS, b/cs all the OS's it affects are windows without DOS. just wondering if that was why or if it was just a coincidence.
are these worms exploiting something that is due to the getting rid of DOS, b/cs all the OS's it affects are windows without DOS. just wondering if that was why or if it was just a coincidence.
All Windows OS's have DOS, even XP (even though its renamed "command prompt" in Accessories). I know because I couldn't get RA to work on XP, so I installed it to DOS instead.
Only a few days left until MSBlast 2
)
