

Internet Storm Center evaluates moving to YELLOW


#1 harrywaldron



Posted 24 April 2004 - 08:34 AM

SANS is evaluating moving to a heightened YELLOW alert status for the Internet Storm Center. As malicious individuals are most likely trying to craft new Internet worms, hopefully this event will be delayed as long as possible, so that everyone can complete the job of patching up.


Internet Storm Center evaluates moving from GREEN to YELLOW

Potential Microsoft PCT worm (MS04-011)

In response to observed active exploit of the PCT vulnerability, announced in Microsoft Bulletin MS04-011, some AV vendors have raised alert status. The IT-ISAC reports that some IDS are "detecting and blocking attacks against many institutions. The attacks are attempting to steal data and/or break into payment systems."

"An exploit for this issue is currently being used to compromise vulnerable systems running SSL-enabled IIS 5.0. Note the vulnerability exists in any SSL-enabled program which is running on vulnerable Windows systems. Windows 2003 Server is not affected if PCT is disabled."

Possible move to Yellow
We are closely monitoring the IIS exploit and may move to Yellow this evening.

* * * * * * *

CERT -- More on the new PCT Exploit

Exploit for Microsoft PCT vulnerability released

Exploit code has been publicly released that takes advantage of a buffer overflow vulnerability in the Microsoft Private Communication Technology (PCT) protocol. The vulnerability allows a remote attacker to execute arbitrary code with SYSTEM privileges. More information about the vulnerability is available in TA04-104A and VU#586540.

US-CERT is aware of network activity that is consistent with scanning and/or exploit attempts against this vulnerability. Reports indicate increased network traffic to ports 443/tcp and 31337/tcp. The PCT protocol runs over SSL (443/tcp) and the known exploit code connects a command shell on 31337/tcp. Note that the exploit code could be modified to use a different port or to execute different code. This vulnerability is remedied by the patches described in Microsoft Security Bulletin MS04-011.
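The traffic pattern US-CERT describes (activity on 443/tcp together with 31337/tcp) can be checked for in flow logs. The following is an added example, not part of the original post or of any advisory; the log format, the function names and the 300-second window are assumptions, and the sample records are constructed.

```python
# Constructed sample flow records: "epoch src_ip dst_ip dst_port proto".
# Addresses come from documentation ranges; nothing here is real traffic.
SAMPLE_FLOWS = """\
1082800000 198.51.100.7 192.0.2.10 443 tcp
1082800004 198.51.100.7 192.0.2.10 31337 tcp
1082800010 198.51.100.7 192.0.2.11 443 tcp
1082800020 203.0.113.5 192.0.2.12 443 tcp
1082809000 203.0.113.9 192.0.2.12 31337 tcp
1082800030 198.51.100.7 192.0.2.13 80 tcp
malformed line
"""


def parse_flows(text):
    """Yield (ts, src, dst, dport) for well-formed TCP records; skip the rest."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[4] != "tcp":
            continue
        try:
            yield int(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue


def correlate(text, ssl_port=443, shell_port=31337, window=300):
    """Return alerts for servers that saw ssl_port traffic followed by
    shell_port traffic within `window` seconds (assumed threshold).

    shell_port is a parameter because the advisory notes that the exploit
    code could be modified to use a different port.
    """
    last_ssl = {}  # dst -> (ts, src) of the most recent ssl_port flow
    alerts = []
    for ts, src, dst, dport in sorted(parse_flows(text)):
        if dport == ssl_port:
            last_ssl[dst] = (ts, src)
        elif dport == shell_port and dst in last_ssl:
            ssl_ts, ssl_src = last_ssl[dst]
            if ts - ssl_ts <= window:
                alerts.append({"server": dst, "ssl_src": ssl_src,
                               "shell_src": src, "delay": ts - ssl_ts})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_FLOWS):
        print(alert)
```

A hit only shows that the two ports were contacted in sequence on one server; confirming compromise still requires checking the host's MS04-011 patch state.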
