Exploit code for wormable flaw on unpatched Windows devices published online

reader comments

55 with 39 posters participating

A researcher has published exploit code for a Microsoft Windows vulnerability that, when left unpatched, has the potential to spread from computer to computer with no user interaction.

So-called wormable security flaws are among the most severe, because the exploit of one vulnerable computer can start a chain reaction that rapidly spreads to hundreds of thousands, millions, or tens of millions of other vulnerable machines. The WannaCry and NotPetya exploits of 2017, which caused worldwide losses in the billions and tens of billions of dollars respectively, owe their success to CVE-2017-0144, the tracking number for an earlier wormable Windows vulnerability.

Also key to the destruction was reliable code developed by and later stolen from the National Security Agency and finally published online. Microsoft patched the flaw in March 2017, two months before the first exploit took hold.

Puppies will die

Proof-of-concept exploit code for the new wormable Windows vulnerability was published on Monday by a Github user with the handle Chompie1337. The exploit isn’t reliable and frequently results in crashes that present a BSOD, shorthand for the “blue screen of death” Windows displays during system failures. Regardless, the code still serves as a blueprint that, with more work, could be used to remotely compromise vulnerable machines and then spread.

“This has not been tested outside of my lab environment,” the Github user wrote. “It was written quickly and needs some work to be more reliable. Sometimes you BSOD. Using this for any purpose other than self education is an extremely bad idea. Your computer will burst in flames.

Continue reading – Article source

Similar Posts:

• ProForm treadmills are certainly worth the investment
• All About Webmail
• A Quick Guide on Progressive Glasses
• Do Car Covers Protect Against Hail?
• Why and How to Buy Shoes Online