RE: LLSSRV Clarifications

["Maynor, David (ISS Atlanta)" <dmaynor () iss net>]

Sure he did, didn't you see his notification at around 5 today?

-----Original Message-----
From: dailydave-bounces () lists immunitysec com
[mailto:dailydave-bounces () lists immunitysec com] On Behalf Of Isaac
Dawson
Sent: Wednesday, March 16, 2005 8:58 PM
To: dailydave
Subject: Re: [Dailydave] LLSSRV Clarifications

So you notified Microsoft right? Right? ahhhhhh I keel me!
:D



On Wed, 16 Mar 2005 17:07:50 -0500, Dave Aitel <dave () immunitysec com>
wrote:
> Immunity is happy to announce the release from VSC of a new paper to
our
> public website regarding the technical details of the llssrv
> vulnerability Microsoft released on February 8th, 2005. Along with
this
> paper, we've released a reliable, language-independant exploit to the
> CANVAS distribution.
>
> As stated in MS05-010, LLSSRV is not remotely exploitable on Windows
> 2000 Server SP3 and 4 without authentication. However, it is remotely
> exploitable in Windows 2000 Advanced Server SP 3 and 4 without
> authentication. This information, missing from MS05-010, is a perfect
> example as to why fully independant third party security information
and
> exploit code provide a key link in an organization's ability to
> understand and evaluate the risk posted by vulnerabilities.
>
> Further details, vulnerability release scheduling, and other
information
> are available here:
> http://www.immunitysec.com/resources-advisories.shtml
>
> Thanks,
> Dave Aitel
> Immunity, Inc.
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> https://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave