-
October 29th, 2006, 08:41 AM
#1
MS 0Day shows up on milw0rm
Hey Hey,
A new MS exploit showed up on milw0rm yesterday — http://www.milw0rm.com/exploits/2672 (Code is written in Python and quite easy to follow)…
Microsoft Windows NAT Helper Components (ipnathlp.dll) 0day Remote DoS Exploit
The exploit requires Internet Connection Sharing to be enabled and requires that the attacker be on the shared interface (from what I’ve seen in my playing thus far).
Malicious Person — Computer with ICS — Internet
I ran Windows Updates on an XP SP2 machine immediately prior to testing this… so it *SHOULD* have been fully up-to-date
I've got additional details (and will be adding more in the morning when I've had a chance to do some more serious debugging) available at http://www.computerdefense.org/?p=149
Peace,
HT
[Edit]
I've also submitted this to both SANS ISC and MSRC to ensure they're aware of it
[/Edit]
-
October 29th, 2006, 06:14 PM
#2
Hey Hey,
I just wanted to point out that I was mentioned on SANS ISC -- http://isc.sans.org/diary.php?storyid=1809 for my report on this
That means in the last week I've been on ComputerWorld, the Sunbelt Software Blog and now this
Peace,
HT
-
October 30th, 2006, 04:34 AM
#3
Well, I guess I'll just keep replying to my own post
I'm looking for everyone to go digg this http://digg.com/security/New_MS_0day_on_milw0rm
Also.... I've posted a FAQ on the details of this over at the nCircle VERT blog.
http://blog.ncircle.com/archives/200...soft_ics_d.htm
Peace,
HT
-
October 30th, 2006, 04:28 PM
#4
Originally Posted by HTRegz
That means in the last week I've been on ComputerWorld, the Sunbelt Software Blog and now this
Keep up the good work
Oliver's Law:
Experience is something you don't get until just after you need it.
-
October 30th, 2006, 04:34 PM
#5
dugg
-
October 30th, 2006, 04:36 PM
#6
Originally Posted by HTRegz
Hey Hey,
I just wanted to point out that I was mentioned on SANS ISC -- http://isc.sans.org/diary.php?storyid=1809 for my report on this
That means in the last week I've been on ComputerWorld, the Sunbelt Software Blog and now this
Peace,
HT
Thats great to hear HT.....I guess the move really panned out for you
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
October 30th, 2006, 05:41 PM
#7
Originally Posted by morganlefay
Thats great to hear HT.....I guess the move really panned out for you
MLF
Yeah definately things are going quite well.
-
October 31st, 2006, 03:03 AM
#8
Last edited by HTRegz; October 31st, 2006 at 04:09 AM.
-
October 31st, 2006, 02:23 PM
#9
You made the front page of slashdot as well
New Windows Attack Can Disable Firewall
Posted by ScuttleMonkey on Tuesday October 31, @02:40AM
from the he-shoots-he-scores dept.
Windows
BobB writes to tell us NetworkWorld is reporting that new code released on Sunday could allow a fully patched Windows XP PC's personal firewall to be disabled via a malicious data packet. The exploit depends on the use of Microsoft's Internet Connection Service. From the article: "The attacker could send a malicious data packet to another PC using ICS that would cause the service to terminate. Because this service is connected to the Windows firewall, this packet would also cause the firewall to stop working, said Tyler Reguly, a research engineer at nCircle Network Security Inc."
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
October 31st, 2006, 03:15 PM
#10
Originally Posted by nebulus200
You made the front page of slashdot as well
I just got an email from a co-worker I also made the front-page of digg...
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|