48Bits has released code for remotely exploiting vulnerable Windows 2000 machines via the RPC interface.
A little bit of background. Ten days ago ZDI published an advisory about a stack overflow in the Microsoft Windows Message Queuing Service (CVE-2007-3039). At the same time Microsoft released a patch (MS07-065) which replaces MS05-017 and fixes this issue under Windows 2000 SP4 and Windows XP SP2.
The vulnerability affects Windows XP and has been rated Moderate as it requires local exploitation. However, under Windows 2000 it can be exploited remotely and has been labeled Important.
If you manage Windows 2000 machines, make sure that you either:
a) apply the patch,
b) disable Microsoft Windows Message Queuing Service, or
c) block inbound traffic on ports higher than 1024 or specially configured RPC ports.
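The checklist above can be applied across an inventory. The following is an added example, not code from the original post or from Microsoft: it parses `sc query MSMQ` / `sc qc MSMQ` output and gives a verdict per host. The host names, the `patched` flag (assumed to come from your patch inventory) and the sample outputs are constructed.

```python
import re

def parse_sc(text):
    """Return (STATE, START_TYPE) from combined `sc query`/`sc qc` output,
    or None when the service is not installed (Win32 error 1060)."""
    if "FAILED 1060" in text:
        return None
    f = dict(re.findall(r"^\s*(STATE|START_TYPE)\s*:\s*\d+\s+(\w+)", text, re.M))
    return f.get("STATE"), f.get("START_TYPE")

def triage(os_name, patched, sc_text):
    """Verdict for one host; assumes os_name is Windows 2000 or Windows XP."""
    svc = parse_sc(sc_text)
    if svc is None:
        return "ok: MSMQ not installed"
    if patched:
        return "ok: MS07-065 applied"
    state, start = svc
    if state == "STOPPED" and start == "DISABLED":
        return "mitigated: MSMQ disabled"
    # A stopped service that is not disabled can be started again, so it counts.
    if os_name == "Windows 2000":
        return "remote exposure: patch, disable MSMQ, or filter RPC ports"
    return "local exposure: patch or disable MSMQ"

def sc_sample(state, start):
    """Build constructed sc output with the given state and start type."""
    return ("SERVICE_NAME: MSMQ\n"
            f"        STATE              : {state}\n"
            f"        START_TYPE         : {start}\n")

ABSENT = ("[SC] OpenService FAILED 1060:\n\n"
          "The specified service does not exist as an installed service.\n")

# Constructed inventory: (host, OS, patched?, sc output)
HOSTS = [
    ("w2k-file01", "Windows 2000", False, sc_sample("4  RUNNING", "2   AUTO_START")),
    ("w2k-app02", "Windows 2000", False, sc_sample("1  STOPPED", "3   DEMAND_START")),
    ("w2k-db03", "Windows 2000", False, sc_sample("1  STOPPED", "4   DISABLED")),
    ("w2k-web04", "Windows 2000", True, sc_sample("4  RUNNING", "2   AUTO_START")),
    ("xp-desk05", "Windows XP", False, sc_sample("4  RUNNING", "2   AUTO_START")),
    ("xp-desk06", "Windows XP", False, ABSENT),
]

def report(hosts=HOSTS):
    return {name: triage(os_name, patched, sc) for name, os_name, patched, sc in hosts}

if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{name:12} {verdict}")
```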
We just got back from the AAVAR 2007 conference in Seoul (Association of AntiVirus Asia Researchers). I have to say that it was a great conference where members from AV companies from around the world got a chance to get together, discuss new malware and anti-malware tendencies and, of course, have a good time.
actual conference we had a couple of meetings with WildList Reporters and AVPD (AntiVirus Product Developers) of ICSALabs. Even though it's good to see that some people are worried about maintaining the WildList as-is, it is very important that the WildList innovates and adapts to current times and malware peculiarities. This is particularly relevant as the majority of Antivirus product certifications and testing are based on the WildCore, which does not include Trojans, Ad/Spyware, rootkits, bots, etc.
conference itself was a two-day event where people from different parts of the world presented their views on malware attacks, testing methodologies, new protection technologies, etc. Some were very interesting, such as the presentation by AhnLab's Deokyoung Jung (Andy) titled "New Attacks in Online Game Security" and Mr. Chen Rui of Kingsoft with his presentation on "Research & Defense on Password-stealing Trojans in China", which is a good trend in modern anti-malware techniques similar to our Panda Collective Intelligence.
The other really interesting presentations from an AV testing perspective were "Testing, Testing: Anti-Malware Evaluation for the Enterprise" from Andrew Lee and especially "Testing of Dynamic Detection" by Maik Morgenstern & Andreas Marx from AV-Test.org, which has gotten some people's attention here and here.
conference we had a chance to get to know some of the better things of Korea. The organizers took us to see the DMZ with North Korea, which was awesome. I have to praise our hosts and friends at AhnLab and especially Andy for a great time and their efforts to make us feel at home, especially the visit to BTB
There are a variety of different gadgets, information feeds and blogs that we keep live at Panda Security. Sometimes it can be difficult finding the right one when searching for something in particular. Therefore I have listed the main ones here:
For those of you that use Netvibes, you can automatically add a preconfigured "Panda Security" Tab that includes all these items to your universe by clicking on the Netvibes icon below.