Exploit Code Published for Windows Worm Hole
Cybersecurity
SHARE
Facebook X Pinterest WhatsApp

Exploit Code Published for Windows Worm Hole

Written By
Ryan Naraine
Ryan Naraine
Jul 24, 2006
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Detailed exploit code for a critical Windows worm hole has been published on the Internet, putting millions of users at risk of PC takeover attacks.

The code, which was posted to the Milw0rm Web site, attempts to exploit a known—and already patched—vulnerability in the DHCP (Dynamic Host Configuration Protocol) Client service.

Microsoft released the MS06-036 bulletin on July 11 to correct the flaw, and warned that a successful exploit could allow remote code execution on Windows 2000 SP4, Windows XP and Windows Server 2003.

Windows uses DHCP to reduce the complexity of administering network addresses. But because of an unchecked buffer, Microsoft said, an attacker could remotely hijack a compromised system to install programs, view, change or delete data, or create new accounts with full user rights.

/zimages/4/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis InternetsSecurity IT Hub.

According to Swa Frantzen, an incident handler with the SANS ISC (Internet Storm Center), the published exploit claims to add the user “bl4ck” with a very insecure password to cause the service to terminate.

/zimages/4/28571.gifClick hereto read more about Microsofts latest round of patches, including a “critical” Excel update.

“The author left some suggestions for improvement in the source code, so expect potentially nastier versions to be used in real life,” Frantzen said in an entry on the SANS ISC diary page. “If you still have not patched your Windows client systems, it is a very good time to do so now.”

Frantzen said he believes an attack could be successful on both wired and wireless networks. “Or it could be used in a multi-stage attack where this gets inside your network in other ways and then does its magic on the local LAN,” he said.

A separate proof of concept posted at Milw0rm also provides a path for hackers to exploit a remote code execution hole that was patched with Microsofts MS06-034 update.

Microsoft described the issue as a vulnerability in IIS (Internet Information Services) that could be exploited by a malicious hacker with a specially crafted ASP (Active Server Pages) file. “An attacker who successfully exploited this vulnerability could take complete control of an affected system,” Microsoft said.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
Ryan Naraine
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information