Waiting for the Worms

Waiting for the Worms
Tim Mullen, 2003-07-21

The hole's been announced, the patch has been released. Now there's nothing to do but wait for the worm to come and wreak its ugly havoc.

Waiting for the Worms 2003-07-23
Sam Schinke

The security credentials of the currently logged in user has nothing to do with the credentials of an exploitable service.

RPC runs as SYSTEM, as far as I know, and there is little hope of being able to run it in a less priviledged services account (so much depends on it).

Regards,
Sam...

[ more ]