funsec mailing list archives
Re: Now Showing: MS05-047 Exploit In-The-Wild
From: Joe Stewart <jstewart () lurhq com>
Date: Fri, 21 Oct 2005 14:32:47 -0400
On Friday 21 October 2005 12:56 pm, Fergie (Paul Ferguson) wrote:
That's right. You should've been patched, like, yesterday. Personally, I expect to see a worm which uses this exploit to begin circulating within the next few days.
Doubt it would have much impact. If people running W2K installed MS05-039 to patch umpnpmgr.dll a couple of months ago when Zotob came out, the exploit won't work unless the attacker has login credentials. The only ones truly at risk from a worm are the ones who don't have MS05-039, and they're already owned by 15 other worms by now. -Joe -- Joe Stewart, GCIH Senior Security Researcher LURHQ http://www.lurhq.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Now Showing: MS05-047 Exploit In-The-Wild Fergie (Paul Ferguson) (Oct 21)
- RE: Now Showing: MS05-047 Exploit In-The-Wild Larry Seltzer (Oct 21)
- RE: Now Showing: MS05-047 Exploit In-The-Wild Jordan Wiens (Oct 21)
- RE: Now Showing: MS05-047 Exploit In-The-Wild Drsolly (Oct 21)
- Re: Now Showing: MS05-047 Exploit In-The-Wild RLVaughn (Oct 22)
- RE: Now Showing: MS05-047 Exploit In-The-Wild Jordan Wiens (Oct 21)
- RE: Now Showing: MS05-047 Exploit In-The-Wild Rob, grandpa of Ryan, Trevor, Devon & Hannah (Oct 21)
- RE: Now Showing: MS05-047 Exploit In-The-Wild Larry Seltzer (Oct 21)
- Re: Now Showing: MS05-047 Exploit In-The-Wild Joe Stewart (Oct 21)
- <Possible follow-ups>
- RE: Now Showing: MS05-047 Exploit In-The-Wild Fergie (Paul Ferguson) (Oct 21)