Exploit Code Published for Windows Worm HoleBy Ryan Naraine | Posted 2006-07-24 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Millions of Windows users are at risk of PC takeover attacks after exploit code is released for a "critical" DHCP vulnerability.Detailed exploit code for a critical Windows worm hole has been published on the Internet, putting millions of users at risk of PC takeover attacks.
Microsoft released the MS06-036 bulletin on July 11 to correct the flaw, and warned that a successful exploit could allow remote code execution on Windows 2000 SP4, Windows XP and Windows Server 2003.
Windows uses DHCP to reduce the complexity of administering network addresses. But because of an unchecked buffer, Microsoft said, an attacker could remotely hijack a compromised system to install programs, view, change or delete data, or create new accounts with full user rights.
According to Swa Frantzen, an incident handler with the SANS ISC (Internet Storm Center), the published exploit claims to add the user "bl4ck" with a very insecure password to cause the service to terminate.
"The author left some suggestions for 'improvement' in the source code, so expect potentially nastier versions to be used in real life," Frantzen said in an entry on the SANS ISC diary page. "If you still have not patched your Windows client systems, it is a very good time to do so now."
Read the full story on eWEEK.com: Exploit Code Published for Windows Worm Hole