[Dshield] Windows 2000 users: "Patch now or else..."

David Taylor ltr at isc.upenn.edu
Sat Aug 13 11:29:42 GMT 2005

Something in this article bothers me.

Researchers at eEye Digital Security also raised the alarm after testing the
published exploits. "Upon discovering two instances of exploit code online,
[we] conducted thorough testing to confirm that both present a legitimate
threat to Windows 2000 systems (completely patched SP 4 with all hotfixes).
One exploit, released by an anonymous author, will bind a command prompt to
TCP port 8721," the company warned.

Are they saying fully patched Windows machines are still vulnerable?

David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security 
Philadelphia PA USA
LTR at ISC.UPENN.EDU               (215) 898-1236

SANS - The Twenty Most Critical Internet Security Vulnerabilities 

SANS - Internet Storm Center

-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Fergie (Paul Ferguson)
Sent: Friday, August 12, 2005 6:41 PM
To: list at lists.dshield.org
Subject: [Dshield] Windows 2000 users: "Patch now or else..."

Ryan Naraine writes in eWeek:


Windows 2000 users, patch now or else...

That's the blunt warning from Microsoft Corp.'s security response center
after "detailed exploit code" for a wormable flaw started circulating on
underground security Web sites.

The software maker rushed out an advisory late Thursday night to warn that
unpatched Windows 2000 users are at the biggest risk of a PC takeover

Ziff Davis Internet News has confirmed the existence of at least five
exploits targeting several different vulnerabilities patched by Microsoft
earlier this week.

The one that worries Microsoft the most is the exploit for the Plug and Play
vulnerability addressed in the MS05-039 bulletin.



See also:

"Hackers Said To Be Close To Windows 2000 Worm"

- ferg

"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg at netzero.net or fergdawg at sbcglobal.net
 ferg's tech blog: http://fergdawg.blogspot.com/
