Immunity launches exploit for 'unlikely' Windows worm hole

Immunity launches exploit for 'unlikely' Windows worm hole

Summary: A workable exploit attack for a TCP/IP vulnerability in Microsoft's Windows has been launched into the wild courtesy of security firm Immunity.On Jan.

SHARE:

A workable exploit attack for a TCP/IP vulnerability in Microsoft's Windows has been launched into the wild courtesy of security firm Immunity.

On Jan. 17, it became clear that you shouldn't dawdle on deploying Microsoft's MS08-001 patch. That patch, issued Jan. 8, fixed a Transmission Control Protocol/Internet Protocol (TCP/IP) processing vulnerability that was critical for XP and Vista. After security firm Immunity issued a proof of concept, Microsoft acknowledged the vulnerability, but said an attack was "unlikely."

With Microsoft's assessment it basically threw down the gauntlet. A few days later Immunity is at it again--this time with a workable exploit.

Immunity ships exploits for its paying subscribers has issued a flash movie detailing the exploit in action. It isn't 100 percent reliable, but the odds are better than unlikely now.

Here are a few screens from the movie:

immunity.png

And.

immunity2.png

Your turn Microsoft. Ryan Naraine has more.

Topics: Security, Microsoft, Networking, Operating Systems, Software, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

15 comments
Log in or register to join the discussion
  • lol

    "Microsoft acknowledged the vulnerability, but said an attack was 'unlikely.'"

    LOL!

    Some things in life may be statistical, but a hacker taking advantage of a vulnerability isn't one of them. If it's possible, they'll do it, guaranteed.
    CobraA1
    • Exactly

      Unless you have proof that it's not exploitable, assume it is. Someone is always better than you, and you aren't going to see all the possible ways something can be broken.
      rpmyers1
      • Unless...

        ...the so-called "security" firm wanting their day in the sun gets P.O.'d about it and decides to release it itself. The flaw WAS initially patched as a "critical" defect. Blame Redmond all you want, but ultimately BLAME for any of this getting out in the wild goes backs to the irresponsible nimrods at Immunity who think they are above responsibility. They found this flaw, reported it, got it patched by the vendor, then they still release the code anyways.

        So we now [i]know[/i] who's at fault here if a major breakout occurs. Pity the class-action types that Immunity probably doesn't have any sort venture capital or deep pockets lying around. Then again, they could probably go after Redmond for "callous dismissal of Immunity's claims".
        flatliner
  • RE: Immunity launches exploit for 'unlikely' Windows worm hole

    Wow! Windows has an exploit? One that is exploitable? Really??? No way! Not the "great Microshaft" that we have all come to know and hate!

    Come on Microsoft! If there is a will there is a way -- goes the saying and there is plenty of will and Microsoft has the way... so unlikely??? No!
    sshoemaker@...
  • exploit works locally and on winxp only

    exploit works locally and on winxp only.
    qmlscycrajg
    • Yeah ... for now ... (NT)

      ;)
      OButterball
  • RE: Immunity launches exploit for 'unlikely' Windows worm hole

    OK, so all laughing asside, why are non of you indignant that a supposedly legit company has released an exploit into the wild? I can understand you expecting that some "hacker" will try the exploit but why is a supposed legit security company doing so, except, maybe to pad it's own pockets. I have to wonder whose interest they are working for. I figure that the more scare they throw out there, the more money they stand to make as people pay for security. They have an inherent conflict of interest in this. They are the ones you should be outraged about.
    It's like if someone discovered that a certain kind of house lock was easy to pick and started handing out the instructions to everyone on the street. don't start yelling at the lock company, however at fault they may be, they cannot take all the blame when your house gets broken into. Admitedly, This senario would be quite rare because physical devices don't spread as quickly as information on the Web does but it's the same thing.

    We should be calling for the head (theoreticallY) of the company who allows such a thing to be released, not laughing at all the poor saps who get caught and robbed because of it or blaming the lock company (MS in this case) because of a fault in their product.

    Your indignation needs to find the real targets. The people who are actually doing the damage and/or facilitating them. Nothing is ever really secure so stop whining and expecting that it should be.
    mombo
    • You're missing the critical difference

      House locks, being physical items, are difficult to change. But this faulty code is information. All Microsoft has to do is patch this and ship it over Windows Update, and the hole's as good as gone. If they refuse to do that when it's been demonstrated that a flaw exists in their code, then they are responsible for leaving their users open to attack.

      Any damage caused by Immunity releasing the exploit details is more perceived than real, because hackers would have found this problem anyway, and they certainly wouldn't have shared the details of how they were breaking into people's computers with Microsoft, leaving the patch-writers at a disadvantage. It's a question of a little bit of trouble now, or a [b]lot[/b] of trouble further down the road.
      masonwheeler
      • Well...

        I'd have preferred if they (immunity?) had released a work-around with the "exploit." That'd have a lot more integrity to it all. I am so tempted by a car analogy but I have resisted the temptation :P
        ego.sum.stig
      • Microsoft has released a patch

        So indeed, the "hole's as good as gone."
        PB_z
  • Divulging an exploit:

    usually known by the high level hacker/cracker, but not necessarily to the novice or those who invest in exploiting them for financial gain, per say to increase a bot farm or info harvesting. The novice and the commercially corrupt may not have the same intel, . . . oops, but now they immunity . .
    Boot_Agnostic
    • Forgot

      and yes, MS should do all that it can to wipe exploits out, especially divulged ones as it's like advertising a hot sale, come one come all, before the prices change. MS needs to role out fixes as critically fast as possible and stop the 'we don't believe' its a threat, treat it as if it were a great threat yesterday. . . . . Unless you're pro-actively blocking old spreadsheet and word processor file formats. Leave those only until someone else says they're vulnerable ;)
      Boot_Agnostic
  • RE: Immunity launches exploit for 'unlikely' Windows worm hole

    Patch has been available since Jan. 8, 2008. If you're vulnerable, then there's nobody to blame but yourself.
    djchandler
  • ever heard of triage

    It happens everywhere. It's the process of trying to decide which "patients" are critical, which are lost causes and which can wait a while because nothing is going to happen in the immediate future. If I come to the emergency room and do something to screw up the triage process so that the decidsions made by the triage nurse is suddenly no longer valid. that doesn't mean his/her decision was Wrong, just no longer valid.
    In this case a decision was made based on the perceived risk. that decision is now not as valid as it may have been initially but that's beside the point.

    Immunity released the exploit to the wild so the hackers can use it immediately. Yes, some one eventually would have found it and figured out how to exploit it. But now, the don't have to "find it" and they don't even have to figure out how to exploit it. They just have to use the code that was released. The real evil behavior here is those people who released this code and of course the ones who use it. I'd say equal evil. there is no "good" use for releasing the code. The people at Immunity knew that no good could come from this. They should face some consequences.
    mombo
  • RE: Immunity launches exploit for 'unlikely' Windows worm hole

    Mt2 turk MMO PvP game download online game servers
    <a href="http://www.metin2oyunu.org" title="metin2" target="_blank">metin2</a> - <a href="http://www.metin2oyunu.org/indir" title="metin2 indir" target="_blank">metin2 indir</a> - <a href="http://www.metin2oyunu.org/hileler" title="metin2 hile" target="_blank">metin2 hile</a> - <a href="http://www.metin2oyunu.org/gm-komutlari" title="metin2 gm komutlari" target="_blank">metin2 gm komutlari</a> - <a href="http://www.metin2oyunu.org/category/metin2-at-gorevleri" title="metin2 at gorevleri" target="_blank">metin2 at gorevleri</a>
    MMO online games, game related content turk mt2 pvp servers
    <a href="http://www.metin2pvpserver.net" title="metin 2" target="_blank">metin 2</a> - <a href="http://www.metin2pvpserver.net" title="pvp" target="_blank">pvp</a> - <a href="http://www.metin2pvpserver.net" title="server" target="_blank">server</a> - <a href="http://www.metin2pvpserver.net/knight" title="knight" target="_blank">knight</a>
    Mt2 turk MMO PvP game servers online
    <a href="http://www.metin2pvpserverlar.com" title="metin2 pvp sererler" target="_blank">metin2 pvp sererler</a> - <a href="http://www.metin2pvpserverlar.com" title="pvp serverlar" target="_blank">serverlar</a> - <a href="http://www.metin2pvpserverlar.com" title="pvp serverler" target="_blank">pvp serverler</a> - <a href="http://www.metin2pvpserverlar.com" title="metin2 pvp sererlar" target="_blank">metin2 pvp sererlar</a> - <a href="http://www.metin2pvpserverlar.com/pvp-kenti" title="pvp kenti" target="_blank">pvp kenti</a>

    download http://www.metin2oyunu.org game servers online http://www.metin2pvpserver.net turk mt2 pvp servers http://www.metin2pvpserverlar.com
    <a href="http://www.metin2turkiye.net" title="mt2" target="_blank">mt2</a>
    <a href="http://www.metin2turkiye.net" title="metin2 turk" target="_blank">metin2 turk</a>
    <a href="http://www.metin2turkiye.net" title="mt2 turk" target="_blank">mt2 turk</a>
    <a href="http://www.metin2turkiye.net" title="metin2 tr" target="_blank">metin2 tr</a>
    <a href="http://www.metin2oyunu.org/indir" title="metin 2" target="_blank">Metin 2</a>
    <a href="http://www.metin2oyunu.org/tag/alemt2-kaydol-alemt2-indir" title="alemt2 indir" target="_blank">alemt2 indir</a>
    <a href="http://www.metin2oyunu.org/tag/alemt2-kaydol-alemt2-indir" title="alemt2 kaydol" target="_blank">alemt2 kaydol</a>
    <a href="http://www.metin2oyunu.org/tag/alemt2-kaydol-alemt2-indir" title="alemt2" target="_blank">alemt2</a>
    <a href="http://www.metin2oyunu.org/tag/fancy-mt2-kaydol" title="alemt2 kaydol" target="_blank">fancymt2 kaydol</a>
    <a href="http://www.metin2oyunu.org/tag/fancy-mt2" title="alemt2 kaydol" target="_blank">fancy mt2</a>
    <a href="http://www.metin2oyunu.org/tag/mt2-pvp" title="mt2 pvp" target="_blank">mt2 pvp</a>
    <a href="http://www.metin2oyunu.org/metin2-pvp-serverler" title="metin2 pvp" target="_blank">metin2 pvp</a>
    <a href="http://www.metin2oyunu.org/metin2-pvp-serverler" title="metin2 pvp" target="_blank">metin2 pvp serverler</a>
    <a href="http://www.metin2oyunu.org/metin2-pvp-serverler" title="pvp" target="_blank">pvp</a>
    <a href="http://www.metin2oyunu.org/metin2-pvp-serverler" title="metin2" target="_blank">metin2</a>
    <a href="http://www.metin2oyunu.org/metin2-pvp-serverler" title="serverler" target="_blank">serverler</a>
    <a href="http://www.metin2oyunu.org/metin2-pvp-serverler" title="serverler" target="_blank">serverler</a>

    <a href="http://www.metin2pvpserver.net" title="metin2pvpserver" target="_blank">metin2pvpserver</a>
    <a href="http://www.metin2pvpserver.net" title="metin2 pvp server" target="_blank">metin2 pvp server</a>
    <a href="http://www.metin2pvpserver.net" title="metin2 pvpserver" target="_blank">metin2 pvpserver</a>
    <a href="http://www.metin2pvpserver.net" title="metin2pvp server" target="_blank">metin2pvp server</a>
    <a href="http://www.metin2pvpserver.net" title="metin2pvp" target="_blank">metin2pvp</a>
    <a href="http://www.metin2pvpserver.net" title="metin2 server" target="_blank">metin2 server</a>


    <a href="http://www.metin2pvpserverlar.com" title="metin2pvpserverlar" target="_blank">metin2pvpserverlar</a>
    <a href="http://www.metin2pvpserverlar.com" title="metin2 pvp serverlar" target="_blank">metin2 pvp serverlar</a>
    <a href="http://www.metin2pvpserverlar.com" title="metin2pvp serverlar" target="_blank">metin2pvp serverlar</a>
    <a href="http://www.metin2pvpserverlar.com" title="metin2 serverlar" target="_blank">metin2 serverlar</a>

    <a href="http://www.faceara.com" title="face" target="_blank">face</a>
    <a href="http://www.faceara.com" title="facebook" target="_blank">facebook</a>
    zafer12