[ale] Breaking News: A worm shut down computers runing Windows 2000, news at 11.... :-)

Jim Popovitch jimpop at yahoo.com
Tue Aug 16 18:52:02 EDT 2005


On Tue, 2005-08-16 at 18:35 -0400, Scott Warfield wrote:
> The seriousness of the MSRPC PnP vulnerability is inescapable.

While I'm not the least bit familiar, or interested for that matter,
with the PnP vulnerability (de jour?) it strikes me that PnP is only now
considered serious.  Heck, for decades autorun enabled boxes have been
vulnerable to pretty much anything.  PnP by definition defines ease of
use while historically overlooking considerations on authentication and
validation.  So what if someone has found a way to remotely take
advantage of a bad thing.

> Especially since a full exploit w/ shell code is publicly available...
> my wife could root a box now.

Hopefully your wife isn't running win2000.

My point is this:  Windows vulnerabilities are passe.  Yawn.  Their will
be more, life will go on.  It is not "Breaking News" however.

-Jim P.






More information about the Ale mailing list