Re: NT4 worm

[Juha-Matti Laurio <juha-matti.laurio () netti fi>]

My point was to clarify if these reports are especially related to NT4 machines and the reply states they are.
I.e. when word 'NT4' was used in the title I made a conclusion that there was observations about infected NT4 machines.
Absolutely the exploit will work on W2K boxes.

BTW: Can someone confirm that Netapi32.dll (vulnerable component of MS06-040) is part of fully patched NT4.0 
installation.
Thanks.

- Juha-Matti

H D Moore <fdlist () digitaloffense net> wrote: 
> The exploit for NT 4.0 is *exactly* the same packet as the one you would 
> also use on Windows 2000. I am suprised that this is considered a "NT 4" 
> worm and not a "Windows 2000 (+NT 4.0)" worm. Is something specific about 
> the exploit they use that prevents it from working on Windows 2000?
>
> -HD
>
> On Wednesday 30 August 2006 10:11, Juha-Matti Laurio wrote:
> > Are the machines you have experience especially NT4.0 machines?
> > It appears that one of the PoC's (public on Monday 28th Aug) lists the
> > following information: "Systems Affected:
> > *  Microsoft Windows 2000 SP0-SP4
> > *  Microsoft Windows XP SP0-SP1
> > *  Microsoft Windows NT 4.0"
> >
> > but reportedly it is tested against XPSP1 and W2KSP4 systems.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/