Lots of talk on the net recently about the first “critical” vulnerability (MS08-001) released by Microsoft this year. If exploited, this vulnerability can allow an attacker to run arbitrary code on a remote system bypassing personal firewalls and in the case of Vista, the kernel protection mechanisms. Note that one caveat to this is that the attacker has to be on the same subnet as the victim machines.
Microsoft says that “there are a number of factors that make exploitation of this issue difficult and unlikely in real-world conditions”. However, researchers over at Immunity Inc. (these are the guys that make CANVAS, an automated pen testing product) demonstrated how this vulnerability could be exploited via this flash demo. Immunity only has released the exploit to it’s customers of the CANVAS product and admits that the exploit is not 100% reliable…yet. Now that everyone knows that an exploit is “possible”, it’s only a matter of time before someone releases working, reliable exploit code in the wild. Patch now!