This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in Server Message Block (SMB) that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. . An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.The vulnerability is documented in the "Vulnerability Details" section of this bulletin.

Yumm Yumm

But you must logon first, i dunno if Null-Session is enough.

from isc.sans.org

MS05-027 Update: There have been a few people who have written in expressing confusion on whether there needs to be authentication for this exploit to work. A plain reading of the bulletin by Microsoft indicates that this is a pre-authentication bug and that any anonymous user can theoretically exploit it.

I's Worm time Again... Like every Summer...

Worm time is always interesting. Let's see what this one can do

hehe m$ gangtas did not secure their products again. lets see what happens

worm...?
it's kill exploit.... msblast kill dcom exploit, sasser kill ms-04011 exploit.

i am one with blahplok

its not the worm summertime , the ports are bloced by ISPs by now , so a limited infection will occur .. thats if they released the exploit in public , in the last days i see the exploits are not released or privately released although there exists a critical bug , u have to search urself to get it else u wont find it

I doubt many ISP's would block Port 445 (SMB)

I mean I know mine doesn't, If your talking about AOL and such yeh....

Off the top of my head, I only know of about 5 ISPs which have blocked the netbios ports and it'll be at least a week after the code is released that a worm for it is made, so get a firewall people

5 ISP`s well Aren`t there a little more then a few hundred ISP`s around and just look at all the devastation the lsass sploit did. Started of pretty quitly and ended in a big ass snowball.....

Think this might end up with kind of a large effect on the longer run though.....

Hopefully people start using there firewall as it was intended to be used for.....

Greetz Joepi

Am off to get my firewall then

Those 5 ISPs are the largest in the country and have majority market share (comcast, roadrunner, the rest slip my mind). So for all intents and purposes the port is blocked in the US.

I'm speaking with the US in mind, so I have no idea how ISPs in other countries are structured.

In Germany, the biggest ISP here does not block.

ISP aren't blocking any port in France

After dcom and later lsass most big ISPs, universitys and companys blocked 139 and 445 and kept it that way..

Wanadoo is blocking some port like 139 and 445
Now my ISP is Free and every port are opend

in holland most isp`s don`t block anything i know in belgium they do block ports but not sure wich