Remember that MS08-001 worm hole that Microsoft claimed was “difficult and unlikely” to be exploited in real-world conditions?
Well, a private pen-testing and vulnerability research outfit has released an exploit that fires against Windows XP SP2 (English), confirming fears that a Blaster-type network worm is theoretically very possible.
Immunity, Inc., which ships exploits to paying subscribers of its CANVAS platform, published a flash movie that shows the exploit in action. However, due to the complexity of the flaw, the exploit is not 100 percent reliable.
Immunity founder Dave Aitel said the exploit “demonstrates conclusively” that the flaw is “highly exploitable,” despite Microsoft’s public claims that a number of mitigation factors “make exploitation of this issue difficult and unlikely in real-world conditions.”
[ ALSO SEE: MS08-001: Open Door for the Next Big Windows Worm? ]
“In the movie you can see the attack target a local subnet which is populated with two Windows XP SP2 machines [with firewall enabled],” Aitel added.
He said the exploit was written by Immunity researcher Kostya Kortchinsky, who spent the last two weeks tweaking the code to make it reliable.