Exploits for MS04-011 in the wild *PATCH NOW*

http://isc.sans.org/diary.php?date=2004-04-15

Dave Aitel of Immunity Security has stated publicly that they have released working exploits of two vulnerabilities patched by MS04-011 to their CANVAS customers:

http://lists.immunitysec.com/pipermail/dailydave/2004-April/000500.html

The LSASS.EXE vulnerability can be exploited to run arbitrary code with system privileges on vulnerable servers. eEye Digital Security has more details and also confirms the ability to run arbitrary code with system privileges using this vulnerability:

http://www.eeye.com/html/Research/Advisories/AD20040413C.html

Immunity’s claim that they have a working ASN.1 exploit has not been directly confirmed, but we have several anonymous confirmations that working exploits exist.

IT IS IMPERATIVE THAT THE PATCHES PROVIDED BY MICROSOFT IN ITS APRIL SECURITY RELEASE BE APPLIED TO SYSTEMS AS SOON AS POSSIBLE. It is our belief that the likelihood of a worm being released SOON that exploits one of the vulnerabilities addressed by these patches is VERY HIGH.

http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx is the MS bulletin.

You’ve been warned. Get your stuff patched ASAP.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: This post is over 5 years old. You may want to check later in this blog to see if there is new information relevant to your comment.