[Full-Disclosure] which DCOM exploit code are they speaking about here?

From: Josh Karp (jkarp_at_visionael.com)
Date: 09/17/03

  • Next message: titus_at_hush.com: "Re: [Full-Disclosure] iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting"
    To: "'full-disclosure@lists.netsys.com'" <full-disclosure@lists.netsys.com>
    Date: Tue, 16 Sep 2003 17:19:19 -0700
    
    

    http://www.sfgate.com/cgi-bin/article.cgi?file=/news/archive/2003/09/16/national1842EDT0790.DTL

    Security researchers on Tuesday detected hackers distributing software to
    break into computers using flaws announced last week in some versions of
    Microsoft Corp.'s Windows operating system.
    The threat from this new vulnerability -- which already has drawn stern
    warnings from the Homeland Security Department -- is remarkably similar to
    one that allowed the Blaster virus to infect hundreds of thousands of
    computers last month.
    The discovery gives fresh impetus for tens of millions of Windows users --
    inside corporations and in their homes -- to immediately apply a free
    repairing patch from Microsoft. Homeland Security officials have warned that
    attacks could result in a "significant impact" on the operation of the
    Internet.
    Researchers from iDefense Inc. of Reston, Va., who found the new attack
    software being distributed from a Chinese Web site, said it was already
    being used to break into vulnerable computers and implant eavesdropping
    programs. They said they expect widespread attacks similar to the Blaster
    infection within days.
    "It's fairly likely," said Ken Dunham, a senior iDefense analyst. "Certainly
    we'll see new variants in the next few hours or days."
    Microsoft confirmed it was studying the new attack tool.
    Last month's Blaster infection spread just days after hackers began
    distributing tools for breaking into Windows computers using a related
    software flaw. That infection disrupted computers at the Federal Reserve in
    Atlanta, Maryland's motor vehicle agency and the Minnesota transportation
    department.
    The latest Windows flaws, announced Sept. 10, were nearly identical to those
    exploited by the Blaster worm. Computer users who applied an earlier patch
    in July to protect themselves still must install the new patch from
    Microsoft, available from its Web site.
    Amy Carroll, a director in Microsoft's security business unit, said 63
    percent more people have already downloaded the latest patch than downloaded
    the patch for last month's similar vulnerability during the same five-day
    period.
    "We've continued to beat the drum, to give people better awareness," Carroll
    said. "We have seen some success."
    The latest hacker tool was relatively polished. It gives hackers access to
    victims' computers by creating a new account with the name "e" with a preset
    password. iDefense said the tool includes options to attack two Windows 2000
    versions that are commonly used inside corporations.
    The tool being distributed Tuesday did not include an option to break into
    computers running Microsoft's latest operating systems, such as Windows XP
    or Windows Server 2003, but iDefense said it expected such modifications to
    make it more dangerous.

    On the Net:
    Microsoft warning: http://www.microsoft.com/security/security_bulletins/ms03-039.asp
    Homeland Security warning: http://www.nipc.gov/warnings/advisories/2003/Advisory9102003.htm

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

