Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: [News] New worm feeds on latest Microsoft bug

Moshe Goldfarb. wrote:

> On Sun, 26 Oct 2008 23:23:26 +0100, Peter Köhlmann wrote:
> 
>> The racist, liar and software thief Gary Stewart (flatfish) nymshifted:
>> 
>>> On Sun, 26 Oct 2008 14:40:58 -0700 (PDT), nessuno@xxxxxxxxxxxxxxxxxxx
>>> wrote:
>>> 
>>>> <Quote>
>>>> One day after Microsoft issued a rare emergency Windows security
>>>> patch, the bad guys have a few new ways to take advantage of the
>>>> bug.....a new worm, called Gimmiv....
>>>> 
>>>> This vulnerability lies in the Windows Server service.... "It is
>>>> downloaded onto a target machine via social engineering
>>> 
>>> Key words: Social Engineering.......
>> 
>> And completely wrong.
>> It is a vulnerability in the windows RPC code, and absolutely no user
>> interaction is needed
> 
> That's not what the article says.

I don't care what the article says. It is a RPC error, thus *no* user
interaction is needed.
In principle a machine with a running firewall should be safe, but a small
error in setting the firewall will make the machine wide open.
If you have file- and printer sharing enabled, very easily you can enable
also the access from the outside. Then all bets are off.
The problem is in a code area which is not protected by "/GS security
cookies"

> It has to make it to the first machine.

Wrong

And actually it is quite similar to the 2006 vulnerability in RPC,
when "Vanebot" or "Mocbot" were infecting windows machines without any user
interaction at all
-- 
Howe's Law:    Everyone has a scheme that will not work.


[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index