Exploit code raises fresh Zotob alarm

by admin October 24, 2005 at 9:37 pm

Code has been published that demonstrates how to exploit a flaw in Windows similar to that used by the Zotob worm

Exploit code was published Friday for a Windows flaw similar to the vulnerability that led to the Zotob worm that wreaked havoc in August.

The code takes advantage of a bug related to plug-and-play technology in Windows 2000 and Windows XP. Microsoft provided a patch for the flaw on 11 October in security bulletin MS05-047, along with fixes for 13 other Windows flaws. The software maker rated the issue “important”.

The plug-and-play exploit code is not the first to surface for a flaw that was fixed in Microsoft’s October patch cycle. Other exploits have been published on the Internet or reported privately. Release of such code typically is a prelude to an attack. However, while some experts have raised the worm alarm, attacks have yet to appear.

The exploit causes a vulnerable system to crash, but it’s unlikely to be used for a worm, a Symantec representative said. “It does not gain local access to machines,” the representative said.

Full story: ZDNet UK