MS04-011 if you've not applied this yet, do it... now!

Let me 1st start out by asking if you've not applied these patches yet WHAT ARE YOU WAITING FOR?!?

ok thats out of my system!

so the meat so to speak of the post, there are machines actively being compromised by the IIS+SSL PCT vulnerability detailed in MS04-011 (http://www.microsoft.com/technet/sec.../MS04-011.mspx)

The exploit code is pretty effective and there are predictions that there will be a full fledged worm over the weekend.

The current exploit creates a reverse shell back to the attacker so majority of the current exploitation is being done manually, however it will not take very much for this puppy to be fully automated and self propagating which could potentially become a big pain rear for everyone.

Happy patching!

 

 

 

 

Top