HackDig : Dig high-quality web security articles for hacker

MS15-002 Detection

2015-01-17 13:15
Posted January 16, 2015   BeyondTrust Research Team

MS15-002 was one of the more interesting patches this month.  As such, we spent quite a bit of time on it.  But alas, it appears as though a pretty thorough analysis has already been posted at WooYun (http://drops.wooyun.org/papers/4621) which mostly aligns with our analysis of the issue.

We believe this issue to be difficult to exploit but pretty easy to detect.  Our (ugly) internal detection script can be grabbed from here for anyone who might find it useful: http://pastebin.com/aTxca42w

Please note that this script IS NOT SAFE and running it against a target multiple times will exhaust the telnet server’s maximum connections (as defined in Software\Microsoft\TelnetServer\1.0\MaxConnections) and require restarting the telnet service.


Source: 79802/moc.tsurtdnoyeb.golb

Read:4538 | Comments:0 | Tags:Network Security Security Research ms15-002

“MS15-002 Detection”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud