Hackers Sniffing For Vulnerable Microsoft Servers


2 replies to this topic

#1 harrywaldron


Posted 03 January 2005 - 10:18 AM

[Exploits] Microsoft WINS Remote Exploit (MS04-045), Windows NetDDE Remote Exploit (MS04-031)
http://lists.virus.org/kotik-0412/msg00032.html

The first public exploits have been released for both MS04-031 (NetDDE) and MS04-045 (WINS). It's hunting season once again, it would appear. Both vulnerabilities from Q4 2004 have had the first publicly available exploits released Friday. The Windows NetDDE RPC service is not started by default, but the exploit has been tested on Windows 2000 SP2 through SP4 and Windows XP SP0 through SP1. For WINS, although the vulnerability allegedly affects up to and including Windows 2003 server, the exploit has only been tested on Windows 2000. Keep an eye on Firewall and IDS logs for an increase in traffic on 42/TCP for the WINS and 139/TCP for NetDDE.


#2 harrywaldron


Posted 04 January 2005 - 08:42 AM

ISC highlights an increase in WINS server vulnerability (MS04-045) attacks

http://isc.sans.org//diary.php?date=2005-01-03

#3 KoanYorel


Posted 05 January 2005 - 05:03 AM

Hackers Sniffing For Vulnerable Microsoft Servers

By TechWeb News January 04, 2005 (12:59 PM EST)

A vulnerability within Microsoft's WINS (Windows Internet Naming Service), a component of popular server software such as Windows Server 2003, has been heavily exploited since the last day of 2004, several security organizations reported Tuesday.

Although the vulnerability was patched in mid-December by Microsoft, the Internet Storm Center and the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) at the Indiana University have seen a drastic increase in the number of probes directed at WINS services (TCP and UDP ports 42).

"Patching these systems is now overdue," said the SANS Institute's Internet Storm Center in an online alert.

"Additionally, WINS services probably should not cross your border router...so block these ports and keep the rif-raf out in case your local Windows Server Admins have not patched for this," the Center continued.

The patch for the WINS issue can be found on Microsoft's Web site.


TECHNET News article

Microsoft's Web site patch
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)
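
Added example, not part of the original thread or of any poster's message: one way to act on the advice above to watch firewall logs for a rise in traffic on 42/TCP and 42/UDP (WINS) and 139/TCP (NetDDE). It counts distinct source addresses per day and flags a day that jumps well above the median of earlier days. The log format (netfilter-style `SRC=`/`PROTO=`/`DPT=` fields), the function names, the thresholds and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import median

# Ports named in the thread: WINS on 42/TCP and 42/UDP, NetDDE on 139/TCP.
WATCHED = {("TCP", 42): "WINS", ("UDP", 42): "WINS", ("TCP", 139): "NetDDE"}
# Assumed format: syslog "Mon DD" date followed by netfilter-style key=value fields.
LINE = re.compile(r"^(?P<day>\w{3}\s+\d+) .*?SRC=(?P<src>\S+) .*?"
                  r"PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)")

def daily_sources(lines):
    """Return (days in log order, {service: {day: set of source IPs}})."""
    days, seen = [], defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a TCP/UDP packet record (e.g. ICMP has no DPT)
        day = " ".join(m["day"].split())  # normalise "Jan  1" to "Jan 1"
        if day not in days:
            days.append(day)  # remember quiet days too, so they count as 0
        svc = WATCHED.get((m["proto"].upper(), int(m["dpt"])))
        if svc:
            seen[svc][day].add(m["src"])
    return days, seen

def flag_increases(lines, factor=3, min_sources=3):
    """Flag (service, day, n) when n distinct sources exceeds factor x the
    median of all earlier days; min_sources suppresses noise on quiet links."""
    days, seen = daily_sources(lines)
    alerts = []
    for svc in sorted(seen):
        history = []
        for day in days:
            n = len(seen[svc][day])
            if history and n >= min_sources and n > factor * median(history):
                alerts.append((svc, day, n))
            history.append(n)
    return alerts

def _rec(day, src, proto, dpt):  # builds one constructed sample log line
    return (f"{day} 12:00:00 fw kernel: IN=eth0 OUT= SRC={src} "
            f"DST=192.0.2.10 PROTO={proto} SPT=40000 DPT={dpt}")

# Constructed sample data (documentation address ranges), not real traffic.
SAMPLE = ([_rec("Dec 29", "198.51.100.7", "TCP", 42), _rec("Dec 29", "198.51.100.9", "TCP", 80),
           _rec("Dec 30", "198.51.100.7", "TCP", 42), _rec("Dec 30", "198.51.100.8", "TCP", 139)]
          + [_rec("Dec 31", f"203.0.113.{i}", "TCP", 42) for i in range(1, 6)]
          + [_rec("Dec 31", "203.0.113.1", "UDP", 42), _rec("Dec 31", "198.51.100.8", "TCP", 139)])

if __name__ == "__main__":
    print(flag_increases(SAMPLE))
```

Counting distinct sources rather than packets keeps one noisy host from triggering the alert; a border rule that drops ports 42 and 139 inbound, as the quoted ISC alert recommends, would still log these hits if logging precedes the drop.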



