Aitel to Microsoft…Ya know what? Uh, uh.
From Computer World:
Security researchers yesterday said they’d discredited Microsoft’s claim that the year’s first critical Windows vulnerability would be “difficult and unlikely” to be exploited by attackers.
On Tuesday, Immunity Inc. updated a working exploit for the TCP/IP flaw spelled out Jan. 8 in Microsoft’s MS08-001 security bulletin, and posted a Flash demonstration of the attack on its Web site. The exploit, which was released to customers of its CANVAS penetration testing software — but is not available to the public — was a revised version of code first issued two weeks ago.
“This demonstrates conclusively that the MS08-001 IGMPv3 vulnerability is highly exploitable,” said Dave Aitel, Immunity’s chief technology officer, in a message to his Dailydave security mailing list.
Read on.
[tags]MS08-001, Microsoft Exploit, Dave Aitel[/tags]
