MS15-002 was one of the more interesting patches this month. As such, we spent quite a bit of time on it. But alas, it appears as though a pretty thorough analysis has already been posted at WooYun (http://drops.wooyun.org/papers/4621) which mostly aligns with our analysis of the issue. We believe this issue to be difficult to exploit but pretty easy to detect. Our (ugly) internal detection script can be grabbed from here for anyone who might find it useful: http://pastebin.com/aTxca42w Please note that this script IS NOT SAFE and running it against a target multiple times will exhaust the telnet server's maximum connections (as defined in Software\Microsoft\TelnetServer\1.0\MaxConnections) and require restarting the telnet service.
Photograph of Scott Lang

Scott Lang, Sr. Director, Product Marketing at BeyondTrust

Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Up next

You May Also Be Interested In:

Prefers reduced motion setting detected. Animations will now be reduced as a result.