Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: MS09-039 exploit in the wild? - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS09-039 exploit in the wild?

We received a note from a reader who wanted to remain anonymous that the MS09-039 vulnerability is actively exploited in the wild. To remind you, this vulnerability affects servers with the WINS service installed. The patch fixes two vulnerabilities.

We do not have any technical information yet. However, the DShield graph shows a relatively high increase in targets for port 42 (see

 DShield port 42

TCP port 42 is used for WINS replication. It's also interesting that the number of sources isn't that high as well.

If you have some technical information or manage to acquire network traffic for this port (especially if coming from outside) please let us know.


I will be teaching next: Web App Penetration Testing and Ethical Hacking - SANS Pen Test Hackfest Europe 2022 - Berlin


402 Posts
ISC Handler
Aug 18th 2009

Sign Up for Free or Log In to start participating in the conversation!