|
|
Orchid XP v8 wrote:
> Gail Shaw wrote:
>
>> The interesting (and unfortunate) thing about SQL Slammer is that the
>> patch that closed the exploit had been released a couple of months before
>> the worm appeared. The reason is was so widespread is that most
>> organisations hadn't bothered applying any service packs
>
> Indeed. Some of these things use a hole that was patched a week or two
> ago, but some hit really "old" holes that were fixed ages ago.
I heard of a really interesting one. Microsoft found a security bug (or was
responsibly and privately notified of it by another company/individual). As
usual, on Patch Tuesday they released an update fixing it, along with other
updates.
Some motivated hacker *reverse-engineered the update*. He compared the
relevant DLL before and after the update, basically. And figured out what
the vulnerability was.
And proceeded to pwn unpatched machines.
Post a reply to this message
|
|