Hackers have publicly launched a new attack that exploits a severe security vulnerability in the Windows operating system.CodeTo force Microsoft to fix this vulnerability before the worm outbreak.
This security vulnerability was made public in September 7, but so far it has been exploited to attack computers.ProgramIn addition to causing system crash, you cannot do anything else. the attack code developed by Stephen fewer, a senior security researcher at Harmony, allows attackers to run fee-authorized software on computers. In theory, this security vulnerability has become a serious problem. fewer code was added to the open source metasploit intrusion testing tool on Monday.
Two weeks ago, a small company named immunity developed its own attack code using this security vulnerability. however, this code is only available to registered users of the company. in contrast, anyone can download the metasploit intrusion testing tool. this means that the attack code is now widely available.
Metasploit developer HD Moore said the security vulnerability code is effective in software such as Windows Vista SP1, SP2, and Windows 2008 sp1 server. This attack code can also attack windows 2008 SP2.
However, this attack code may not be completely reliable. kostya kortchinsky, a senior immunity researcher, said he could only use this metasploit to attack the Windows Vista operating system running in the vmwarevm process. when he runs the attack code on the local Windows operating system, this attack code can only cause system crash.
This attack code does not affect Windows XP, Windows Server 2003, or Windows 2000 operating systems. Windows 7 has fixed this security vulnerability.
Whether or not Microsoft will fix this security vulnerability when it releases a security patch in October 13 remains to be observed.