Thursday, August 10, 2006

MS06-040 Public Exploit - UPDATED

Metasploit has added an exploit for the buffer overflow vulnerability in the Microsoft Windows Server service (MS06-040).

Description

This module exploits a stack overflow in the NetApi32 NetpIsRemote() function using the NetpwPathCanonicalize RPC call in the Server Service. It is likely that other RPC calls could be used to exploit this service. This exploit will result in a denial of service on Windows XP SP2 or Windows 2003 SP1. A failed exploit attempt will likely result in a complete reboot on Windows 2000 and the termination of all SMB-related services on Windows XP. The default target for this exploit should succeed on Windows NT 4.0, Windows 2000 SP0-SP4+, and Windows XP SP0-SP1.

US-CERT recommends users and administrators apply the appropriate updates in Microsoft Security Bulletin MS06-040 as soon as possible.

More information about this vulnerability can be found in Vulnerability Note VU#650769 and Technical Cyber Security Alert TA06-220A.

I have heard around the campfire that Core Impact has also released an MS06-040 exploit module to their customers.

eEye Digital Security has released the Retina MS06-040 NetApi32 Scanner. It can be used to find machines on your network that are still open to attack.

You may remember eEye from the third-party WMF patch media event.

** UPDATE **

I have already spotted several hits on this blog from people who found me via a Blogger search of "MS06-040 exploits". Why are they looking? Who knows... but everyone should patch 'em if you got 'em.
