Exploits Circulating for Latest Windows Holes 185
1sockchuck writes "Exploits are already circulating for at least two (and possibly four) of the Windows security holes addressed in Microsoft's updates on Tuesday. Several working exploits have been released for a new vulnerability in Windows Plug and Play technology, which could be used to spread a worm targeting Windows 2000 machines, according to eEye security, which has released a free scanner to help network admins identify vulnerable computers."
Why is this surprising? (Score:4, Interesting)
The recent article on the front page here (2 down at the moment), talks about vulnerabilities linked to MS05-038 being in the wild in mid July (actually quite a bit earlier, but we will give them the benefit of the doubt). There have been a number of minor exploits in existence for at least a month and a half with respect to some image handling capabilities through IE (also MS05-038).
Security-Protocols claimed to have discovered the vulnerability linked to MS05-041, and there were some minor claims that other people had been able to make it into exploits which weren't widespread.
I initially thought that the Plug and Play vulnerability was linked to a report on an overflow with respect to handling USB devices (which has also been reported), but it seems to be much worse.
I am fully aware of the reasons why companies EOL their software, but Microsoft's cessation of mainstream support for Win 2000 might be coming back to bite them, given that Win 2000 is just as vulnerable to these exploits as Win XP and 2003, if not more so.
Re:Not to worry... (Score:3, Interesting)
As a programer myself I am often faced with the idea of completely re-writing my code, not just leaving the function sit, while being unused.
Compare to Apple's OS X (granted, the numbers argument about there is not a mass majority to spread a major virus even if it was to be discovered), why cant Microsoft decide to take shape, and start producing a REAL operating system that is built upon firm solid foundations of bug free (realitivly) code. They have admited in the past that they have pushed features ahead of security, and yet our major corporations still tout that microsoft is secure enough for there senstive finiancial information.
Give me a break will ya? I really just wish that microsoft would have a much more open beta, much more strict adherance to quality code, and less mouthpeices saying how great there stuff is.
Re:Is it really New? (Score:5, Interesting)
So isn't this just an old exploit that was just found?
No. This is an old vulnerability that was just published, and had new exploits written and published for it. That is not to say other exploits have not existed for this vulnerability for the last five years.
Re:Not to worry... (Score:4, Interesting)
Exploiting the Exploit (Score:2, Interesting)
I would recommend that users stop using slashdot.org as a way to distribute pointless software in an attempt to collect free user data.
Let's Hear Ira Winkler Now (Score:3, Interesting)
He's been writing that Mike Lynn did the industry a disservice by revealing the buffer overflow class of Cisco vulnerabilities.
His logic is that as soon as you reveal a vulnerability, you accelerate the exploits, and therefore vulnerabilities should not be revealed. (In other words, the classic "security through obscurity argument.")
He seems to think it makes more work for him and other security people.
I pointed out to him that if we follow his logic, no vulnerability and no patch would ever be released. Here we have exploits following a patch. Does he now think Microsoft should not have released the advisory and patch because it "accelerated" the development of an exploit which will affect unpatched systems?
This is exactly his logic with Mike Lynn's actions. He claims revealing the buffer flaws, even though Cisco has patched the two actual flaws found, will cause an exploit to appear that will affect unpatched systems and cause him "more work."
I pointed out to him that he should thus blame Microsoft for patching the SQL Server flaws even though most admins didn't patch their servers in time for the worms that took advantage of them.
I also pointed out to him that if he thinks security is easy and he can't handle the "extra work" exploits cause, get out of the business.
His real motivation, of course, which I also pointed out to him, was simply sour grapes that he didn't get the press for revealing the flaws. The security business is very competitive, and every time a researcher announces something, everybody else denounces him as wrong, premature, or not following proper "protocol." All this just to keep THEIR names - and by extension, the same vulnerabilities they're complaining about - in the trade press. It's hypocritical.
Re:Exploits circulate after bug report (Score:2, Interesting)
I'm not saying that is the case with this particular exploit, but Microsoft wants everyone to believe that we wouldn't have to worry about exploits if those white hats would just stop finding problems with MS software.