MS08-067

October 31, 2008

As everyone is talking about this, i thought i will also mention it here briefly. Microsoft released an out of band patch for this vulnerability. More Technical details about it can be read here. Its a remote code execution in server service which surprisingly everyone missed in the previous version of a similar vulnerability(MS06-040).

Currently the svn version of metasploit has following targets:

0 Windows 2000 MS06-040+ (YMMV pre MS06-040)
1 Windows XP SP0 English (NO NX)
2 Windows XP SP1 English (NO NX)
3 Windows XP SP2 English (NX)
4 Windows XP SP2 Italian (NX)
5 Windows XP SP2 Spanish (NX)
6 Windows XP SP2 Chinese (NX)
7 Windows XP SP3 English (NX)
8 Windows XP SP3 German (NX)
9 Windows 2003 SP0 English (NO NX)
10 Windows 2003 SP1 English (NO NX)
11 Windows 2003 SP2 English (NO NX)
12 Windows 2003 SP1 English (NX)
13 Windows 2003 SP2 English (NX)

and hopefully more targets will be added to this list shortly. Bernardo, released a tool to anonymously check for this issue.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Trackback