totally rehashed from a security advisory….

Microsoft is aware that detailed exploit code demonstrating code execution has been published on the Internet for the vulnerability that is addressed by security update MS08-067. This exploit code demonstrates code execution on Windows 2000, Windows XP, and Windows Server 2003. Microsoft is aware of limited, targeted active attacks that use this exploit code. At this time, there are no self-replicating attacks associated with this vulnerability. Microsoft has activated its Software Security Incident Response Process (SSIRP) and is continuing to investigate this issue.

poking around with the exploit code has verified that it does not affect a host which has installed the updates detailed in MS08-067. Microsoft continues to recommend that customers apply the updates to the affected products by enabling the Automatic Updates feature in Windows.

oh yeah, HDMoore added a working module to the framework on the 28th…