Exploit Circulating for Windows LSASS Vulnerability
Separate vulnerability was patched with same cumulative patch as the SSL vulnerability being exploited in recent days.An exploit has begun circulating for another of the vulnerabilities in Windows revealed by Microsoft Corp. earlier this month. The vulnerability, a buffer overrun in the Local Security Authority Subsystem Service (LSASS), was patched as part of a large, cumulative update coded MS04-011. The exploit takes the form of a new variant of the Gaobot worm. According to McAfees Avert research, this worm has had almost a thousand variations since its initial release, partly because the source to the worm has been released as well. Once installed, the worm allows a remote attacker to perform a large number of dangerous operations, including installing and removing software, performing denial of service attacks, and shutting down the computer.
The MS04-011 patch that addresses this problem is the same one that addresses
Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page: