Common Tasks

Recent Posts

Community

Email Notifications

Personal Links

Archives

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Windows Unpatched SMB DoS Vulnerability and Exploit

  A new SMB based vulnerability and exploit have been developed which could create blue screen crashes for 2000, 2003, and XP. PC firewall protection can help in blocking the 3 key ports associated with this attack in case further developments occur .  

MSRC Blog entry
http://blogs.technet.com/msrc/archive/2006/07/28/443837.aspx

Windows Unpatched SMB DoS Vulnerability and Exploit
http://www.frsirt.com/english/advisories/2006/3037

Advisory ID : FrSIRT/ADV-2006-3037
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-07-28

Technical Description: A vulnerability has been identified in Microsoft Windows, which could be exploited by remote attackers to cause a denial of service. This flaw is due to NULL pointer dereference error in the server driver (srv.sys) when handling specially crafted SMB (Server Message Block) packets, which could be exploited by a remote unauthenticated attackers to cause a vulnerable system to crash or display a blue screen, creating a denial of service condition.

Note : A fully functional exploit has been published.

Solution: Restrict access to ports 135, 139 and 445.