Exploit Code Published for Windows Worm Hole

Detailed exploit code for a critical Windows worm hole has been published on the Internet, putting millions of users at risk of PC takeover attacks.

The code, which was posted to the Milw0rm Web site, attempts to exploit a known—and already patched—vulnerability in the DHCP (Dynamic Host Configuration Protocol) Client service.

Microsoft released the MS06-036 bulletin on July 11 to correct the flaw, and warned that a successful exploit could allow remote code execution on Windows 2000 SP4, Windows XP and Windows Server 2003.

Windows uses DHCP to reduce the complexity of administering network addresses. But because of an unchecked buffer, Microsoft said, an attacker could remotely hijack a compromised system to install programs, view, change or delete data, or create new accounts with full user rights.

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internet’s Security IT Hub.

According to Swa Frantzen, an incident handler with the SANS ISC (Internet Storm Center), the published exploit claims to add the user “bl4ck” with a very insecure password to cause the service to terminate.

Click here to read more about Microsoft’s latest round of patches, including a “critical” Excel update.

“The author left some suggestions for ‘improvement’ in the source code, so expect potentially nastier versions to be used in real life,” Frantzen said in an entry on the SANS ISC diary page. “If you still have not patched your Windows client systems, it is a very good time to do so now.”

Read the full story on eWEEK.com: Exploit Code Published for Windows Worm Hole