Exploits Circulate for Windows 2000 Worm Hole

Filed under: — By Aviran Mordo @ 7:41 pm

Windows 2000 users, patch now or else…
That’s the blunt warning from Microsoft Corp.’s security response center after “detailed exploit code” for a wormable flaw started circulating on underground security Web sites.

The software maker rushed out an advisory late Thursday night to warn that unpatched Windows 2000 users are at the biggest risk of a PC takeover attack.

Ziff Davis Internet News has confirmed the existence of at least five exploits targeting several different vulnerabilities patched by Microsoft earlier this week.

The one that worries Microsoft the most is the exploit for the Plug and Play vulnerability addressed in the MS05-039 bulletin.

The vulnerability is an unchecked buffer in the Plug and Play service that can be exploited as a privilege escalation or to run remote code as administrator. Plug and Play, or PnP, is a feature that allows the operating system to detect new hardware installed on a system. For example, when a user installs a new mouse on a PC, PnP allows Windows to detect it and load the needed drivers.

Microsoft’s patch updates the Plug and Play service code to validate the length of a message before it passes it to the allocated buffer and has been released for users of Windows 2000, Windows XP and Windows Server 2003 users.

Source: eWeek


Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress