
So I was tooling around on the web tonight and I finally found enough time to investigate the “new” Server service vulnerability associated with Microsoft Security Bulletin MS08-067. I’m somewhat partial to the Microsoft Server service because it has been on my radar since 2006 with the announcement of Microsoft Security Bulletin MS06-040. Since then, it’s been a constant pain for industry to make sure that all their systems are patched against this nasty little vulnerability, and it looks like we’re going to need to be ready for round two.

Below is the “small” list of the affected software…

  • Microsoft Windows 2000 Service Pack 4
  • Windows XP Service Pack 2
  • Windows XP Service Pack 3
  • Windows XP Professional x64 Edition
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 1
  • Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP1 for Itanium-based Systems
  • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Vista and Windows Vista Service Pack 1
  • Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
  • Windows Server 2008 for 32-bit Systems*
  • Windows Server 2008 for x64-based Systems*
  • Windows Server 2008 for Itanium-based Systems

Just about the time I think I’m done with these, something like this happens. Should be an interesting year considering a lot of folks running 2003, 2K8 and Vista have something to fear again.

***Update 3 minutes later***

Exploit code has been released into the wild under the following…

  • TrojanSpy:Win32/Gimmiv.A
  • TrojanSpy:Win32/Gimmiv.A.dll

***Update 5 minutes later***

Just found it on milw0rm…

  • http://milw0rm.com/exploits/6824
  • http://milw0rm.com/sploits/2008-ms08-067.zip

***Update 10 minutes later***

Nessus has published a check for 2K, XP and 2K3.

  • http://blog.tenablesecurity.com/2008/10/network-and-cre.html

***Update Thursday October 30th***

Well, it’s a wrap on this one. The vulnerability code is now available in the SVN version of Metasploit and soon to show up in the other versions. That was fast!!! :)