MS 0Day shows up on milw0rm
Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: MS 0Day shows up on milw0rm

  1. #1
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914

    MS 0Day shows up on milw0rm

    Hey Hey,

    A new MS exploit showed up on milw0rm yesterday — http://www.milw0rm.com/exploits/2672 (Code is written in Python and quite easy to follow)…

    Microsoft Windows NAT Helper Components (ipnathlp.dll) 0day Remote DoS Exploit

    The exploit requires Internet Connection Sharing to be enabled and requires that the attacker be on the shared interface (from what I’ve seen in my playing thus far).

    Malicious Person — Computer with ICS — Internet

    I ran Windows Updates on an XP SP2 machine immediately prior to testing this… so it *SHOULD* have been fully up-to-date

    I've got additional details (and will be adding more in the morning when I've had a chance to do some more serious debugging) available at http://www.computerdefense.org/?p=149

    Peace,
    HT

    [Edit]
    I've also submitted this to both SANS ISC and MSRC to ensure they're aware of it
    [/Edit]
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  2. #2
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    I just wanted to point out that I was mentioned on SANS ISC -- http://isc.sans.org/diary.php?storyid=1809 for my report on this


    That means in the last week I've been on ComputerWorld, the Sunbelt Software Blog and now this

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #3
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Well, I guess I'll just keep replying to my own post

    I'm looking for everyone to go digg this http://digg.com/security/New_MS_0day_on_milw0rm

    Also.... I've posted a FAQ on the details of this over at the nCircle VERT blog.

    http://blog.ncircle.com/archives/200...soft_ics_d.htm

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Quote Originally Posted by HTRegz
    That means in the last week I've been on ComputerWorld, the Sunbelt Software Blog and now this
    Keep up the good work
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  5. #5
    Senior Member deftones12's Avatar
    Join Date
    Jan 2003
    Location
    cali forn i a
    Posts
    333
    dugg

  6. #6
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Quote Originally Posted by HTRegz
    Hey Hey,

    I just wanted to point out that I was mentioned on SANS ISC -- http://isc.sans.org/diary.php?storyid=1809 for my report on this


    That means in the last week I've been on ComputerWorld, the Sunbelt Software Blog and now this

    Peace,
    HT

    Thats great to hear HT.....I guess the move really panned out for you

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  7. #7
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Quote Originally Posted by morganlefay
    Thats great to hear HT.....I guess the move really panned out for you

    MLF
    Yeah definately things are going quite well.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  8. #8
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Last edited by HTRegz; October 31st, 2006 at 03:09 AM.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  9. #9
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    You made the front page of slashdot as well

    New Windows Attack Can Disable Firewall
    Posted by ScuttleMonkey on Tuesday October 31, @02:40AM
    from the he-shoots-he-scores dept.
    Windows
    BobB writes to tell us NetworkWorld is reporting that new code released on Sunday could allow a fully patched Windows XP PC's personal firewall to be disabled via a malicious data packet. The exploit depends on the use of Microsoft's Internet Connection Service. From the article: "The attacker could send a malicious data packet to another PC using ICS that would cause the service to terminate. Because this service is connected to the Windows firewall, this packet would also cause the firewall to stop working, said Tyler Reguly, a research engineer at nCircle Network Security Inc."
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  10. #10
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Quote Originally Posted by nebulus200
    You made the front page of slashdot as well
    I just got an email from a co-worker I also made the front-page of digg...
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides