Exploit Already Out For New Microsoft DTC Windows 2000 Bug!!

Posted by bink on October 13 2005, 1:44 PM. Posted in Windows 2000.

Running Windows 2000? Test and deploy the latest security patches now, before the worm starts spreading. An exploit was released Wednesday for the most dangerous of the 14 vulnerabilities that Microsoft unveiled Tuesday, making the appearance of a worm virtually a lock, said a security expert.

The exploit is against the MSDTC vulnerability within Windows, which was patched Tuesday by Microsoft and outlined in its MS05-051 security bulletin. Because the MSDTC component -- which coordinates any sort of transaction on multiple servers -- is enabled by default and remotely exploitable on Windows 2000 systems, experts fear that the bug will result in a repeat of the Zotob attacks of August. Most security analysts named the flaw as the most dangerous of Tuesday's bunch.

Wednesday, an exploit was made available to customers of Immunity Security's Canvas vulnerability tool, said security giant Symantec in an alert to users of its DeepSight Threat Management System.

"It's a fully-functional exploit that's shipping to [Canvas] customers," said Alfred Huger, the senior director of engineering for Symantec's security response team.

Huger believes that a working exploit will soon hit vulnerable systems. "If [Immunity] can write it, others will, too. Expect something in pretty short order."

The Zotob bot worm appeared just five days after the disclosure of a Plug and Play vulnerability in Windows 2000, and Huger wouldn't be surprised to see the pattern repeat.

"This vulnerability will be impossible for some [hackers] to resist," Huger said. "The target environment is just too rich." Download free scanner tool!

<!-- PAGE NUMBERS -->