Detailed exploit code for a critical Windows worm hole has been published on the Internet, putting millions of users at risk of PC takeover attacks. The code, which was posted to the Milw0rm Web site, attempts to exploit a known—and already patched—vulnerability in the DHCP (Dynamic Host Configuration Protocol) Client service.
Microsoft released the MS06-036 bulletin on July 11 to correct the flaw, and warned that a successful exploit could allow remote code execution on Windows 2000 SP4, Windows XP and Windows Server 2003. Windows uses DHCP to reduce the complexity of administering network addresses. But because of an unchecked buffer, Microsoft said, an attacker could remotely hijack a compromised system to install programs, view, change or delete data, or create new accounts with full user rights.
View: The full story
News source: eWeek
Microsoft released the MS06-036 bulletin on July 11 to correct the flaw, and warned that a successful exploit could allow remote code execution on Windows 2000 SP4, Windows XP and Windows Server 2003. Windows uses DHCP to reduce the complexity of administering network addresses. But because of an unchecked buffer, Microsoft said, an attacker could remotely hijack a compromised system to install programs, view, change or delete data, or create new accounts with full user rights.
View: The full story News source: eWeek
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.