Researcher: New critical Windows bug 'highly exploitable'

Security researchers yesterday said they'd discredited Microsoft's claim that the year's first critical Windows vulnerability would be "difficult and unlikely" to be exploited by attackers.On Tuesday, Immunity Inc. updated a working exploit for the TCP/IP flaw spelled out Jan. 8 in Microsoft's MS08-001 security bulletin, and posted a Flash demonstration of the attack on its […]

Security researchers yesterday said they'd discredited Microsoft's claim that the year's first critical Windows vulnerability would be "difficult and unlikely" to be exploited by attackers.

On Tuesday, Immunity Inc. updated a working exploit for the TCP/IP flaw spelled out Jan. 8 in Microsoft's MS08-001 security bulletin, and posted a Flash demonstration of the attack on its Web site. The exploit, which was released to customers of its CANVAS penetration testing software -- but is not available to the public -- was a revised version of code first issued two weeks ago.

"This demonstrates conclusively that the MS08-001 IGMPv3 vulnerability is highly exploitable," said Dave Aitel, Immunity's chief technology officer, in a message to his Dailydave security mailing list.

Full Article

Microsoft, Windows, Windows OS, Exploit, Vulnerability, Bug