MS02-045 exploit is out
From: Kevin Gennuso (goosey@ICUBED.COM)Date: 08/27/02
- Previous message: Russ: "Re: IE Security Bulletin 02-047 affects Terminal Services connecting via a web page"
- Next in thread: Russ: "Re: MS02-045 exploit is out"
- Reply: Russ: "Re: MS02-045 exploit is out"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 27 Aug 2002 10:01:53 -0400 From: Kevin Gennuso <goosey@ICUBED.COM> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Hi all,
I haven't seen much noise on this list about MS02-045 (Unchecked Buffer in
Network Share Provider Can Lead to Denial of Service (Q326830)), but the
implications are very nasty. Any unpatched WinNT/2K/XP or .NET machine on
your network that's listening on port 139 and/or 445 can be crashed in
about two seconds with a malformed SMB packet. I highly disagreed with
Microsoft's assessment that this was only a "moderate" threat level to
intranet and desktop systems because the exploit is so easy to perform.
It was bad enough in theory, but now a script-tot friendly GUI version of
the exploit has been posted on PacketStorm, and it works against all of
the above. You can try for yourself at
http://packetstorm.decepticons.org/0208-exploits/SMBdie.zip
We worked through the weekend to get a large percentage of our boxen
patched - you may have to do the same.
The old "WinNuke" from the evil days of Win95 is back.
Thanks for listening,
Kevin
- Previous message: Russ: "Re: IE Security Bulletin 02-047 affects Terminal Services connecting via a web page"
- Next in thread: Russ: "Re: MS02-045 exploit is out"
- Reply: Russ: "Re: MS02-045 exploit is out"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
