nCircle.com >> 360 Security


New Microsoft Remote DoS 0Day in the Wild

Microsoft Windows NAT Helper Components (ipnathlp.dll) 0day Remote DoS Exploit

The exploit requires Internet Connection Sharing to be enabled and requires that the attacker be on the shared interface (from what I’ve seen in my playing thus far, the Windows Firewall was disabled).

Malicious Person — Computer with ICS — Internet

I ran Windows Updates on an XP SP2 machine immediately prior to testing this… so it *SHOULD* have been fully up-to-date

I’ve attached a few of the details below.

——

Microsoft Error Message:

Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience.

View What’s in this report:

Error signature:

szAppName: svchost.exe szAppVer: 5.1.2600.2180
szModName: ipnathlp.dll szModVer 5.1.2600.2180 offset: 0001d45e

---

This is currently being tracked by SANS ISC.
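For triaging crash reports from machines that have Internet Connection Sharing enabled, the error signature quoted above can be matched mechanically. This is an added example, not code from the original post; the host names and the second report are constructed, and the parser assumes the field layout shown in the dialog text.

```python
import re

# Field names as they appear in the Windows XP "Error signature" dialog text.
FIELDS = ("szAppName", "szAppVer", "szModName", "szModVer", "offset")
# A field name, an optional colon (the signature quoted above drops the one
# after szModVer), then a value that runs up to the next whitespace.
FIELD_RE = re.compile(r"\b(%s)\s*:?\s*(\S+)" % "|".join(FIELDS))


def parse_signature(text):
    """Return the error-signature fields found in text as a dict."""
    return {name: value for name, value in FIELD_RE.findall(text)}


def is_ipnathlp_crash(sig):
    """True when svchost.exe faulted inside ipnathlp.dll (case-insensitive)."""
    return (sig.get("szAppName", "").lower() == "svchost.exe"
            and sig.get("szModName", "").lower() == "ipnathlp.dll")


def triage(reports):
    """Map host -> parsed signature for every report that matches."""
    hits = {}
    for host, text in reports.items():
        sig = parse_signature(text)
        if is_ipnathlp_crash(sig):
            hits[host] = sig
    return hits


# Sample input: the first report is the signature quoted in the post; the
# second is constructed for contrast. Host names are hypothetical.
REPORTS = {
    "ics-gateway": (
        "szAppName: svchost.exe szAppVer: 5.1.2600.2180\n"
        "szModName: ipnathlp.dll szModVer 5.1.2600.2180 offset: 0001d45e"
    ),
    "workstation-2": (
        "szAppName: example.exe szAppVer: 1.0.0.0\n"
        "szModName: example.dll szModVer: 1.0.0.0 offset: 00001000"
    ),
}

if __name__ == "__main__":
    for host, sig in triage(REPORTS).items():
        print(host, sig["szModName"], sig["szModVer"], "offset", sig["offset"])
```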

Comments (1)

zKwon:

Thanks, very useful, although Internet Connection Sharing is required and I am not so sure how many share their connections through this Windows feature, but it shows that Windows needs a little bit more coding attention.


About

This page contains a single entry from the blog posted on October 29, 2006 10:55 AM.
