Microsoft Bracing for Worm Attack

10010010 writes "A network worm attack targeting a critical Microsoft Windows vulnerability appears inevitable. The flaw is easy to exploit, as evidenced by the quick release of an exploit module for HD Moore's Metasploit Framework. Within hours of the Patch Day release Tuesday, two pen testing companies (Immunity and Core) created and released 'reliable exploits' for the flaw, which was deemed wormable on all Windows versions, including Windows XP SP2 and Windows Server 2003 SP1."

Re:So, an Exploit For a Patch?

It wasn't 23 patches: it was 12 patches that covered 23 vulnerabilities.

Yes, it's worms exploiting the MS06-040 vulnerability that they're worried about.

As long as you're properly firewalled from the rest of the world it can't get in but you should still get everything patched in case the worm gets inside your firewall e.g. as a trojan.

Not quite

[jackmama]

which was deemed wormable on all Windows versions, including Windows XP SP2 and Windows Server 2003 SP1

HD Moore posted a followup to the Daily Dave mailing list admitting defeat on those two platforms:

Time to eat my words. The wcscpy() destination pointer trick doesn't seem
doable on XP SP2 or 2003 SP1. I don't believe you can exploit this bug
for more than a DoS on 2003 SP2/XP SP1. If you have information to the
contrary, please share.

All other Windows platforms remain easily exploitable, though.

Re:So, an Exploit For a Patch?

They looked at the patch to find what is being patched, so now they know how to exploit the bug that is fixed by the patch. If your admin updated every Windows computer, you should be fine. The millions of unpatched systems on the internet however will most likely be wide open and added to botnets in a couple of days. Consequently even the users of well-administered Windows computers and other operating systems will feel the fallout of this vulnerability.