Patch Tuesday fixes “Dead Cow Cult” exploit
By Asavin Wattanajantra,
An expert has claimed Patch Tuesday for November fixes a vulnerability found by a member of US hacker group ‘Cult of The Dead Cow’.
According to Shavlik chief technology officer Eric Schultze, the ‘important’ MS08-068 patch addresses a vulnerability which is more than seven years old, found by a US hacker called Sir Dystic, better known as Josh Buchbinder.
He was a member of the ‘Cult of the Dead Cow’, a hacking organisation which was founded in 1984 in Texas, and claims on its website to be the “most elite people to ever walk the face of the earth.”
Sir Dystic found a vulnerability in Microsoft Operating Systems that enabled attackers complete access to user’s computers, and wrote a utility called SMBRelay to demonstrate the flaw.
Shavlik claimed that Microsoft knew about the problem since 2001, and was unable to - or chose not to - fix it until now. The MS08-068 patch now addresses it.
He gave an example of an attack: “The attacker sends the victim an HTML email - or convinces them to visit their website - where the code includes a reference like: 'file://evilserver/picturejpg'.
“When the victim machine goes to view this html, it attempts to display the 'picture' jpg. To do this, it needs to connect to the 'evilserver' machine over NetBIOS ports. The evilserver machine asks the victim machine to authenticate to it, so it can then serve up the picture.jpg file.”
“The victim machine performs NTLM challenge-response authentication process in order to connect to evilserver to get this picture file.”
Shavlik said that whether the authentication succeeded or failed, it was already too late. The evil server now had the challenge-response data that it could use to reply back to the victim's machine. This would allow the attacker to simply connect to the victim's machine without providing any specific password.
He said: “The attacker has the same credentials as the user had on their system and can read and write files, modify the registry, delete objects, access emails, etc.”
The other ‘critical’ MS08-069 patch addresses a vulnerability in Windows XML Core Services - a technology used in businesses to format and manipulate data.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
Do British police get cyber security?
Davey Winder listens to telephone conversations between the FBI and the Metropolitan Police, courtesy of Anonymous, and isn't impressed.
- Who to trust after the VeriSign hack?
- Striving to solve the security skills crisis
- Would you employ a hacker or malware writer?
- Q&A: Raj Samani, CTO McAfee
- Erase and rewind: the EU and privacy
- My email address is [CENSORED]
- Is there such a thing as a secure tablet?
- 2011: The year in news
- BYOD: Old or new, good or bad?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- Ubuntu vs. Windows 7 on the business desktop
- York researchers heat storage to speed up data
- BlackBerry Bold 9790 review
- OneNote hits Google?s Android
- O2 trials Olympic-scale remote working
- Will someone rid me of these troublesome Macs?
- Lenovo beats expectations again
- Who to trust after the VeriSign hack?
- Google to promise fairness after Motorola buy
- Report: Google cloud storage coming soon
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
