[<prev] [next>] [day] [month] [year] [list]
Message-ID: <19586294.120941156968240392.JavaMail.juha-matti.laurio@netti.fi>
Date: Wed, 30 Aug 2006 23:03:59 +0300 (EEST)
From: Juha-Matti Laurio <juha-matti.laurio@...ti.fi>
To: H D Moore <fdlist@...italoffense.net>, full-disclosure@...ts.grok.org.uk
Cc:
Subject: Re: NT4 worm
My point was to clarify if these reports are especially related to NT4 machines and the reply states they are.
I.e. when word 'NT4' was used in the title I made a conclusion that there was observations about infected NT4 machines.
Absolutely the exploit will work on W2K boxes.
BTW: Can someone confirm that Netapi32.dll (vulnerable component of MS06-040) is part of fully patched NT4.0 installation.
Thanks.
- Juha-Matti
H D Moore <fdlist@...italoffense.net> wrote:
>
> The exploit for NT 4.0 is *exactly* the same packet as the one you would
> also use on Windows 2000. I am suprised that this is considered a "NT 4"
> worm and not a "Windows 2000 (+NT 4.0)" worm. Is something specific about
> the exploit they use that prevents it from working on Windows 2000?
>
> -HD
>
> On Wednesday 30 August 2006 10:11, Juha-Matti Laurio wrote:
> > Are the machines you have experience especially NT4.0 machines?
> > It appears that one of the PoC's (public on Monday 28th Aug) lists the
> > following information: "Systems Affected:
> > * Microsoft Windows 2000 SP0-SP4
> > * Microsoft Windows XP SP0-SP1
> > * Microsoft Windows NT 4.0"
> >
> > but reportedly it is tested against XPSP1 and W2KSP4 systems.
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists