There’s been a lot of action on the MS08-067 front over the weekend, and how Snort and ClamAV are providing specific detection. One private research organization reported EIP a little over two hours after patching was released. The first PoC was up on Thursday, 10/23, and the first Milw0rm remote entry didn’t show up until the 26th. The VRT just finished up working through the actual pre-patch attack worm. We’re pretty pleased with the outcome of our testing.”]
Source: https://blog.talosintelligence.com/2008/10/update-on-snort-and-clamav-for-ms08-067.html