 |
 |
While this exploit does nothing more than cause a denial of service against Windows 2000 systems, it is a pretty good indicator that a worm will be following shortly. With a vulnerability that has so many attack vectors, it could be aimed at any number of systems. It can hit client systems running Outlook by simply downloading the messages (no need to open them). It can come through malicious websites. Or it could be aimed directly at systems like this one does. There has been plenty of time to get patches in place on all critical systems by now, but It's quite likely that a huge number of systems will still be hit. As more time goes by, hopefully more systems are getting patched. -Russell Steve Bogdanski wrote: > Haven't seen this mentioned anywhere yet so I figured I would mention it. It seems an exploit has been created for the vulnerability documented in Microsoft Security Bulletin MS04-00-007. Here is the code: http://www.k-otik.com/exploits/02.14.MS04-007-dos.c.php. Below is some info on it: > > >>A computer program that exploits the vulnerability in ASN.1 Library, a >>common Microsoft component, was posted to the Internet Saturday. However, >>the exploit code does not pose an extreme risk to confidential data stored >>on vulnerable systems. The code for the program appeared on >>http://www.k-otik.com, a known outlet for software exploits.