MS06-049 re-release
When Microsoft release the out-of-cycle patch for the VML exploit, they also re-released MS06-049 (again) which was responsible for causing corruption of compressed NTFS files on Windows 2000 systems.  You can find more info from Microsoft here I will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - SANS Tokyo Autumn 2022

Jim

423 Posts
ISC Handler
Sep 27th 2006

Sign Up for Free or Log In to start participating in the conversation!