funsec mailing list archives

Re: Now Showing: MS05-047 Exploit In-The-Wild

From: Joe Stewart <jstewart () lurhq com>
Date: Fri, 21 Oct 2005 14:32:47 -0400

On Friday 21 October 2005 12:56 pm, Fergie (Paul Ferguson) wrote:

That's right. You should've been patched, like, yesterday.

Personally, I expect to see a worm which uses this exploit to begin
circulating within the next few days.


Doubt it would have much impact. If people running W2K installed 
MS05-039 to patch umpnpmgr.dll a couple of months ago when Zotob came 
out, the exploit won't work unless the attacker has login credentials. 
The only ones truly at risk from a worm are the ones who don't have 
MS05-039, and they're already owned by 15 other worms by now.

-Joe

-- 
Joe Stewart, GCIH 
Senior Security Researcher
LURHQ http://www.lurhq.com/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Now Showing: MS05-047 Exploit In-The-Wild Fergie (Paul Ferguson) (Oct 21)
- RE: Now Showing: MS05-047 Exploit In-The-Wild Larry Seltzer (Oct 21)
  - RE: Now Showing: MS05-047 Exploit In-The-Wild Jordan Wiens (Oct 21)
    - RE: Now Showing: MS05-047 Exploit In-The-Wild Drsolly (Oct 21)
    - Re: Now Showing: MS05-047 Exploit In-The-Wild RLVaughn (Oct 22)
  - RE: Now Showing: MS05-047 Exploit In-The-Wild Rob, grandpa of Ryan, Trevor, Devon & Hannah (Oct 21)
- Re: Now Showing: MS05-047 Exploit In-The-Wild Joe Stewart (Oct 21)
- <Possible follow-ups>
- RE: Now Showing: MS05-047 Exploit In-The-Wild Fergie (Paul Ferguson) (Oct 21)