Microsoft Confirms Zero-Day Hours After Exploit

Posted by CmdrTaco on Tuesday January 4, 2011 @11:49AM from the that's-sum-sploit dept.

CWmike writes "Microsoft confirmed on Tuesday an unpatched vulnerability in Windows just hours after a hacking toolkit published an exploit for the bug. A patch is under construction, but Microsoft does not plan to issue an emergency update to fix the flaw. The bug was first discussed Dec. 15 at a South Korean security conference, but got more attention Tuesday when the open-source Metasploit penetration tool posted an exploit module crafted by researcher Joshua Drake. Metasploit says successful attacks are capable of compromising victimized PCs, then introducing malware to the machines to pillage them for information or enlist them in a criminal botnet."

3 of 53 comments (clear)

Min score:

Reason:

Sort:

Would it kill you to link to the Microsoft article by BBTaeKwonDo · 2011-01-04 11:52 · Score: 4, Informative

http://www.microsoft.com/technet/security/advisory/2490606.mspx
Re:Bashfest by Microlith · 2011-01-04 11:54 · Score: 4, Informative

Oh wait, this is a NEW bug. Not the one noted above. Silly me.
Non-Affected Software by BasharTeg · 2011-01-04 12:13 · Score: 4, Informative

Non-Affected Software
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems