Win2K Serious Hack
#1
Scooby Regular
Thread Starter
Join Date: Oct 2001
Location: Lovely Lancing in West Sussex
Posts: 3,449
Likes: 0
Received 0 Likes
on
0 Posts
Nice one Jeff,
I'll have a look at this on Monday as I am not in a rush to sort out our boxes (just been made redundant )
Darren
[Edited by darlodge - 9/1/2002 12:22:16 AM]
I'll have a look at this on Monday as I am not in a rush to sort out our boxes (just been made redundant )
Darren
[Edited by darlodge - 9/1/2002 12:22:16 AM]
#2
Scooby Regular
Another problem for microsoft....
I've actually tried this on both XP & Win2K server/workstation and it does work !.....time to get patching...
From W2KNews
I haven't seen much noise on this list about MS02-045 (Unchecked Buffer in Network Share Provider Can Lead to Denial of Service (Q326830)), but the implications are very nasty. Any unpatched WinNT/2K/XP or .NET machine on your network that's listening on port 139 and/or 445 can be crashed in about two seconds with a malformed SMB packet. I highly disagreed with Microsoft's assessment that this was only a "moderate" threat level to intranet and desktop systems because the exploit is so easy to perform.
It was bad enough in theory, but now a script-kiddie friendly GUI version of the exploit has been posted on PacketStorm, and it works against all of the above. We worked through the weekend to get a large percentage of our boxes patched - you may have to do the same. You can try for yourself at:
http://www.w2knews.com/rd/rd.cfm?id=...RN-PacketStorm
[Editor's note] The fact this thing is out now with a GUI and can sit on a desktop as an icon makes it really dangerous.
The Patch is here (MS02-45):
http://www.w2knews.com/rd/rd.cfm?id=020902RN-Patch
Need a fast way to roll out and manage patches, completely automatic?
http://www.w2knews.com/rd/rd.cfm?id=...N-UpdateEXPERT
Have fun
Jeff
[Edited by Jeff Wiltshire - 8/31/2002 3:16:32 PM]
I've actually tried this on both XP & Win2K server/workstation and it does work !.....time to get patching...
From W2KNews
I haven't seen much noise on this list about MS02-045 (Unchecked Buffer in Network Share Provider Can Lead to Denial of Service (Q326830)), but the implications are very nasty. Any unpatched WinNT/2K/XP or .NET machine on your network that's listening on port 139 and/or 445 can be crashed in about two seconds with a malformed SMB packet. I highly disagreed with Microsoft's assessment that this was only a "moderate" threat level to intranet and desktop systems because the exploit is so easy to perform.
It was bad enough in theory, but now a script-kiddie friendly GUI version of the exploit has been posted on PacketStorm, and it works against all of the above. We worked through the weekend to get a large percentage of our boxes patched - you may have to do the same. You can try for yourself at:
http://www.w2knews.com/rd/rd.cfm?id=...RN-PacketStorm
[Editor's note] The fact this thing is out now with a GUI and can sit on a desktop as an icon makes it really dangerous.
The Patch is here (MS02-45):
http://www.w2knews.com/rd/rd.cfm?id=020902RN-Patch
Need a fast way to roll out and manage patches, completely automatic?
http://www.w2knews.com/rd/rd.cfm?id=...N-UpdateEXPERT
Have fun
Jeff
[Edited by Jeff Wiltshire - 8/31/2002 3:16:32 PM]
Thread
Thread Starter
Forum
Replies
Last Post
Blue by You
Non Scooby Related
48
30 September 2015 01:27 PM