Fully working MS06-070 POC exploit developed in just 3 hours
Posted
Monday, November 20, 2006 4:13 PM
by
hwaldron
POC was developed in one hour and a fully functional exploit within 3 hours ... This signifies that sooner is better when it comes to pilot testing and rolling out the updates as quickly as possible in the corporate environment.
Fully working MS06-070 POC exploit developed in just 3 hours
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9005163
QUOTE: One of the exploits that has become available for the workstation service flaw was developed by Immunity Inc. The Miami Beach-based penetration-testing company was able to develop a proof-of-concept code against the flaw one hour after Microsoft released a patch for it on Tuesday and a fully working exploit in about three hours, said Kostya Kortchinsky, a senior researcher at Immunity. The code has been tested and found to be working "perfectly well" against several versions of Windows 2000, including Service Pack 3 and SP4, he said. The only mitigating factor is that an attacker would need to have a domain controller set up and accessible somewhere around the machine that is being attacked for the exploit to work, he said.