Tuesday, February 12, 2008

SCADA Watch: MS08-008 Critical Bulletin Likely Affects OPC

Via Digital Bond.

Microsoft Security Bulletin MS08-008 Vulnerability in OLE Automation Could Allow Remote Code Execution issued today is likely to affect OPC servers. Remember that OPC was originally an acronym for OLE for Process Control.

This is a serious vulnerability rated Critical by Microsoft for most OS and would allow a remote attacker to run shell code after the exploit. The bulletin talks about “remote code execution if a user viewed a specially crafted Web page”. It will be interesting to see if an OPC server can be compromised and then used to allow remote code execution if an OPC client connects to the compromised server.

More here.


Post a Comment

<< Home