MS06-035 (CVE-2006-1314) looks to be the most dangerous of the vulnerabilities announced this month, specifically the Mailslot heap overflow. The vulnerability can be exploited remotely against the "Server" service. So this would definitely be something that could be used for widespread compromise with no user interaction, or a worm.

Looks like Windows 2000 SP4 is vulnerable by default. Windows XP SP2 and Server 2003 don't appear to be vulnerable with a default installation unless services are listening on Mailslots. At this point, it is unclear exactly what software would enable Mailslots to create a vulnerable condition.

So how long before exploit code is available? Well, clever readers will have noticed that Pedram Amini and H D Moore are credited with discovering this vulnerability (the Mailslot heap overflow). Those guys are some of the best in the business, so you do the math... I'm guessing that they have had reliable exploit code working for a while now. (I can just see all the script kiddies hitting refresh every ten seconds on metasploit.com.)

You should probably make this your top priority in patching.
Jul 11th 2006