Hãy nhanh chân nâng cấp Windows!
Proof-of-concept exploit code offering step-by-step instructions to attack worm holes in Microsoft Windows have started appearing on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Internet, prompting a new round of "patch-now-or-else" warnings from computer security experts.The exploits, publicly released on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Milw0rmWeb site and privately available to partners of penetrating testing firm Immunity, target a pair of critical vulnerabilities patched by Microsoft on Nov. 14.
The Milw0rm exploit, released by a hacker called "cocoruder," takes aim at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 high-severity bug covered in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 MS06-070 bulletin and can be used to launch a network worm against unpatched Windows 2000 systems.
"It [an attack] can be launched remotely over cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Internet, without any user action whatsoever," Sarwate said in an interview with eWEEK.
The "cocoruder" exploit code has been tested against Chinese-language versions of Windows but, with minor tweaking, Sarwate said it can be expanded to hit ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r targets.
Immunity, hãng sản xuất CANVAS, cũng đã có exploit cho MS06-070 và các MS06-xxx khác:
"Our exploit works against English-language versions [of Windows]," says Kostya Kortchinsky, a senior researcher at Immunity. "We've successfully tested it to launch code against Windows 2000 SP3 and SP4."Since Microsoft's Nov. 14 Patch Tuesday, Immunity has released a total of six proof-of-concept and working exploits against flaws covered in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 updates.
On Nov. 13, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 company also posted attack code for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Microsoft XML Core Services 4.0 flaw that was being used in targeted zero-day attacks.
In an interview with eWEEK, Kortchinsky said cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 company has also reverse-engineered cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 patches in Microsoft's MS06-066 bulletin to a code-execution exploit for Windows XP SP2.
He said Immunity's MS06-066 exploit is also capable of defeating cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 software-enforced DEP (Data Execution Prevention) that is enabled by default in XP SP2 to reduce exploits of exception handling mechanisms in Windows.
The MS06-066 update, rated "critical," covers a pair of vulnerabilities in Client Service for NetWare, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 feature that allows cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 client to access NetWare file, print and directory services.
Comments