Three Exploits for the Latest Vulnerabilities (MS04-011 and TCP Reset)

TCP Connection Reset Remote Windows 2K/XP Attack Tool Source Code

AFX TCP Reset by Aphex

Microsoft IIS 5.0 SSL Remote buffer overflow Exploit (MS04-011)

THCIISSLame 0.2 – IIS 5 SSL remote root exploit
/* Exploit by: Johnny Cyberpunk (
/* Bug was found by Internet Security Systems
/* Reversing credits of the bug go to Halvar Flake

Microsoft Windows Utility Manager Local SYSTEM Exploit (MS04-011)

// By Cesar Cerrudo cesar appsecinc com
// Local elevation of privileges exploit for Windows Utility Manager
// Gives you a shell with system privileges
// If you have problems try changing Sleep() values.

These exploits are one more reason to start (or, hopefully, complete) the patch testing process. We have already discovered some systems broken by the above patch and had to have the patch removed. These types of dilemmas are never fun: do you break the application, or do you leave the system open to exploit? It really comes down to how important the application is to your organization and whether you have other barriers in place. In the end, the security practitioner has to logically accept the risk or capitulate to it (i.e. patch the system).

For a final perspective, here is SANS's recent view on the patches:

“IT IS IMPERATIVE THAT THE PATCHES PROVIDED BY MICROSOFT IN ITS APRIL SECURITY RELEASE BE APPLIED TO SYSTEMS AS SOON AS POSSIBLE. It is our belief that the likelihood of a worm being released SOON that exploits one of the vulnerabilities addressed by these patches is VERY HIGH,” Tom Liston, a handler on duty for the security-focused SANS Institute, wrote in a post a few days after Microsoft posted the bulletins. (Emphasis SANS)

via ENT News

