Slashdot Mirror

← Back to Stories (view on slashdot.org)

Exploits Circulating for Latest Windows Holes

Posted by CmdrTaco on from the netcraft-confirms-that-trolls-are-uncreative dept.

1sockchuck writes "Exploits are already circulating for at least two (and possibly four) of the Windows security holes addressed in Microsoft's updates on Tuesday. Several working exploits have been released for a new vulnerability in Windows Plug and Play technology, which could be used to spread a worm targeting Windows 2000 machines, according to eEye security, which has released a free scanner to help network admins identify vulnerable computers."

10 of 185 comments (clear)

  1. Microsoft Induced? by Deltaspectre · · Score: 5, Funny

    Perhaps this vulnerability was a 'Feature' to get people to migrate away from Windows 2000?

    --
    My UID is prime... is yours?
  2. Only two or four... by __aaclcg7560 · · Score: 4, Funny

    At least, Microsoft is maintaining great quality control.

  3. Is it really New? by ellem · · Score: 4, Funny

    I mean W2K has been around for about... uh, 5 years?

    So isn't this just an old exploit that was just found?

    See? Having 900,000,000,000 lines of code is a good thing.

    --
    This .sig is fake but accurate.
    1. Re:Is it really New? by 99BottlesOfBeerInMyF · · Score: 4, Interesting

      So isn't this just an old exploit that was just found?

      No. This is an old vulnerability that was just published, and had new exploits written and published for it. That is not to say other exploits have not existed for this vulnerability for the last five years.

  4. Registration form privacy information at eEye by mikeophile · · Score: 4, Insightful

    Our website's registration forms require users to provide contact information (names and email addresses) and financial information (account or credit card numbers). Financial information that is collected is used to bill the user for products and services purchased and is only used internally by eEye. Contact information is used to confirm and ship orders, to contact the user when necessary, and to notify users when new products and services are available. Users may choose not to receive future mailings from eEye; see the Choice/Opt-Out section below. eEye Digital Security may occasionally share visitor contact information with official product resellers that adhere to a comparable privacy policy; visitor contact information is NEVER given to other third-party vendors that are not affiliated with eEye.

    Why do they insist on my personal information if they aren't going to use it?

    They have the ability to let me opt out of of mailing, why don't they provide an opt out for my information in the first place?

  5. It is interesting that... by donleyp · · Score: 5, Insightful

    The exploits came out after the announcement and not before. It begs the question, do we need to give M$ credit for pushing the patch before the exploit became common knowledge? Compare this to Cisco who tried to squash recent publicizing of their vulnerability.

    --
    You got any karma man? I really neeed it. Just a little hit! Come on!
  6. Unless I'm mis-reading this... by goldspider · · Score: 4, Insightful

    ...Microsoft patched the holes BEFORE the exploits started circulating?

    If that's the case, what's the problem?

    --
    "Ask not what your country can do for you." --John F. Kennedy
    1. Re:Unless I'm mis-reading this... by Espectr0 · · Score: 4, Insightful

      Simple. It is known that exploits are made after MS releases the patch, by reverse engineering them. Since 90% of the people is stupid and don't patch their systems (i made this up) then these people get hit.

      My rant is not against MS. It's against people (supposedly people with knowledge) don't take the time to update their systems. SP2 actually improved this by trying to push the updates in the user's throats.

      --
      Open Source Java Web Forum with LDAP authentication
  7. Scanner? by Fear+the+Clam · · Score: 5, Funny

    "...eEye security, which has released a free scanner to help network admins identify vulnerable computers.

    What, the Windows startup screen wasn't sufficient to identify vulnerable computers?

  8. steps ahead by fihzy · · Score: 4, Funny


    Once again: (original at http://slashdot.org/comments.pl?sid=71367&cid=6457 101)

    10) find big remote vulnerability in product
    20) perfect the exploit
    30) have fun with it for months
    40) find another big hole in same product
    50) perfect exploit for hole
    60) alert vendor about original hole
    70) have fun with new hole
    80) goto 40