
Pink Floyd Worm/Virus and MS03-039

mcerha
Level 3

Rumors have been circulated about a worm/virus named Pink Floyd that reportedly exploits an additional vulnerability related to the Microsoft Advisory MS03-039 concerning the MS RPC service. It is further reported that even patched systems are vulnerable. Exploits have been released to the Internet which allegedly use this weakness. Cisco has tested these exploits and found that signature 3330 (Windows RPCSS Overflow II) detects their presence. Microsoft is expected to comment on these rumors. Due to the uncertain nature of these facts, it is recommended that special scrutiny be given to any 3330 alarms occurring in your network for the near future.

4 Replies

pbobby
Level 1

This worm claims to only DOS the target box. I have yet to see a reply to my post on Bugtraq, but if the worm exploits MS03-039, and only DOSs the target, what then is the propagation mechanism of this supposed worm?

Lifted from a Microsoft bulletin:

"...Exploit code currently available will provide a remote shell to an unpatched system. If the system has been patched with Microsoft Security Bulletin MS03-039, the system will not be compromised but may experience a Denial of Service. The Microsoft Security Response Center is actively investigating the issue of the Denial of Service."

SC

Which bulletin is that?

It's from one of their Premium Support Service updates...not a security bulletin per se.