Exploits Circulating for Latest Windows Holes

1sockchuck writes "Exploits are already circulating for at least two (and possibly four) of the Windows security holes addressed in Microsoft's updates on Tuesday. Several working exploits have been released for a new vulnerability in Windows Plug and Play technology, which could be used to spread a worm targeting Windows 2000 machines, according to eEye security, which has released a free scanner to help network admins identify vulnerable computers."

Re:Registration form privacy information at eEye

[Anonymous Coward]

enjoy [nyud.net]

link

[Anonymous Coward]

right here [nyud.net]

-WH

nessus plugins available

[sgt scrub]

If you need to test the machines on your network Nessus http://nessus.org/ [nessus.org] has released plugins.

Re:And Linux doesen't?!?!?

[chez69]

the enterprise versions are supported for 3 years. fedora is just a testbed, most of the folks that use it (including me) realize this.

if you want long term support, buy something that has it.

Here's some news for you, chum.

[Anti-Trend]

First of all, Linux distros support every package on the system, not just the core files like MS update. That means perl, MySQL, apache, even the modules for apache. Everything. With that in mind, compare the Secunia security reports for Mandrake 10.0 [secunia.com] and Windows XP Pro 10.0 [secunia.com], which hit the market at about the same time. Have a look at the amount of unpatched vulnerabilities in both and see if you can still come to the same conclusions. Sheesh!

Re:nessus plugins available

[ninja_assault_kitten]

Yes, and you have to be a direct feed user to get them. At least for the next several days.

Re:It is interesting that...

[Anonymous Coward]

From http://begthequestion.info/ [begthequestion.info] --

'The phrase "begging the question", or "petitio principii" in Latin, refers to the "question" in a formal debate -- that is, the issue being debated. In such a debate, one side may ask the other side to concede certain points in order to speed up the proceedings. To "beg" the question is to ask that the very point at issue be conceded, which is of course illegitimate.'

Re:It is interesting that...

[mcmonkey]

http://www.datanation.com/fallacies/begging.htm [datanation.com]

http://skepdic.com/begging.html [skepdic.com]

http://www.randomhouse.com/wotd/index.pperl?date=1 9970627 [randomhouse.com]

It's a form of circular reasoning.

source code

[Anonymous Coward]

im not a fan of eeye so here is the source code of the exploit for people to play with.

its not in the wild its in the public domain now http://seclists.org/lists/pen-test/2005/Aug/0183.h tml [seclists.org] anyone who wants the binary for the scanner check below

http://www.eeye.com/html/Research/Tools/exe/Retina UMPNP.exe [eeye.com]