Early on October 24 (1 p.m. Pacific Standard Time), Microsoft held a live webcast to release MS08-067, a security patch rated at its highest severity level, Critical. It fixes a discovered vulnerability in the Windows Server service that could be exploited for remote attacks or to spread worms. A successful attacker could gain complete control of the system.
Releasing a patch outside the monthly patch cycle is rare for Microsoft. According to a Microsoft representative, the last time Microsoft released a security patch outside the monthly cycle was in April 2007.
attach debugger to services.exe (2k) or the relevant svchost (xp/2k3/...)
net use \\IPADDRESS\IPC$ /user:user creds
die \\IPADDRESS \pipe\srvsvc
In some cases, /user:"" "" will suffice (i.e., anonymous connection).
You should get EIP -> 00 78 00 78, a stack overflow (like a guard page violation), access violation, etc. However, in some cases, you will get nothing.
This is because it depends on the state of the stack prior to the "overflow".
You need a slash on the stack prior to the input buffer.
So play around a bit; you'll get it working reliably...