A security company which releases for-pay vulnerability info,
Immunity Inc, has published a nice video showing just how easy it is to get a shell on a vulnerable
host using their freshly-published exploit.
To rephrase that: there is a remote exploit against the SMB flaw we covered last week. While the exploit code
is not in the wild per se, the capability to exploit this flaw can be obtained in exchange for a moderate amount of money. Reverse-engineering the clever trick used
to transform the DoS attack into a full compromise is probably as simple as watching the SMB packets flow.
It’s therefore highly probable that
this exploit will start being used in the wild in the following days.