My next class:
Red Team Operations and Adversary EmulationParisSep 16th - Sep 21st 2024

MS09-039 exploit in the wild?

Published: 2009-08-18. Last Updated: 2009-08-18 10:24:24 UTC
by Bojan Zdrnja (Version: 1)
0 comment(s)

We received a note from a reader who wanted to remain anonymous that the MS09-039 vulnerability is actively exploited in the wild. To remind you, this vulnerability affects servers with the WINS service installed. The patch fixes two vulnerabilities.

We do not have any technical information yet. However, the DShield graph shows a relatively high increase in targets for port 42 (see http://isc.sans.org/port.html?port=42):

 DShield port 42

TCP port 42 is used for WINS replication. It's also interesting that the number of sources isn't that high as well.

If you have some technical information or manage to acquire network traffic for this port (especially if coming from outside) please let us know.

--
Bojan

Keywords: exploit ms09039
0 comment(s)
My next class:
Red Team Operations and Adversary EmulationParisSep 16th - Sep 21st 2024

Comments


Diary Archives