Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: NT4 worm
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Wed, 30 Aug 2006 23:03:59 +0300 (EEST)

My point was to clarify if these reports are especially related to NT4 machines and the reply states they are.
I.e. when word 'NT4' was used in the title I made a conclusion that there was observations about infected NT4 machines.
Absolutely the exploit will work on W2K boxes.

BTW: Can someone confirm that Netapi32.dll (vulnerable component of MS06-040) is part of fully patched NT4.0 

- Juha-Matti

H D Moore <fdlist () digitaloffense net> wrote:

The exploit for NT 4.0 is *exactly* the same packet as the one you would also use on Windows 2000. I am suprised that this is considered a "NT 4" worm and not a "Windows 2000 (+NT 4.0)" worm. Is something specific about the exploit they use that prevents it from working on Windows 2000?


On Wednesday 30 August 2006 10:11, Juha-Matti Laurio wrote:
> Are the machines you have experience especially NT4.0 machines?
> It appears that one of the PoC's (public on Monday 28th Aug) lists the
> following information: "Systems Affected:
> *  Microsoft Windows 2000 SP0-SP4
> *  Microsoft Windows XP SP0-SP1
> *  Microsoft Windows NT 4.0"
> but reportedly it is tested against XPSP1 and W2KSP4 systems.

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]