Exploit code raises fresh Zotob alarm
Code has been published that demonstrates how to exploit a flaw in Windows similar to that used by the Zotob worm
Exploit code was published Friday for a Windows flaw similar to the vulnerability that led to the Zotob worm that wreaked havoc in August.
The code takes advantage of a bug related to plug-and-play technology in Windows 2000 and Windows XP. Microsoft provided a patch for the flaw on 11 October in security bulletin MS05-047, along with fixes for 13 other Windows flaws. The software maker rated the issue “important”.
The plug-and-play exploit code is not the first to surface for a flaw that was fixed in Microsoft’s October patch cycle. Other exploits have been published on the Internet or reported privately. Release of such code typically is a prelude to an attack. However, while some experts have raised the worm alarm, attacks have yet to appear.
The exploit causes a vulnerable system to crash, but it’s unlikely to be used for a worm, a Symantec representative said. “It does not gain local access to machines,” the representative said.
Full story: ZDNet UK