Windows Unpatched SMB DoS Vulnerability and Exploit

Common Tasks

Community

Email Notifications

Personal Links

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

A new SMB based vulnerability and exploit have been developed which could create blue screen crashes for 2000, 2003, and XP. PC firewall protection can help in blocking the 3 key ports associated with this attack in case further developments occur .

MSRC Blog entry
http://blogs.technet.com/msrc/archive/2006/07/28/443837.aspx

Windows Unpatched SMB DoS Vulnerability and Exploit
http://www.frsirt.com/english/advisories/2006/3037

Advisory ID : FrSIRT/ADV-2006-3037
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-07-28

Technical Description: A vulnerability has been identified in Microsoft Windows, which could be exploited by remote attackers to cause a denial of service. This flaw is due to NULL pointer dereference error in the server driver (srv.sys) when handling specially crafted SMB (Server Message Block) packets, which could be exploited by a remote unauthenticated attackers to cause a vulnerable system to crash or display a blue screen, creating a denial of service condition.

Note : A fully functional exploit has been published.

Solution: Restrict access to ports 135, 139 and 445.

Posted: Jul 29 2006, 01:58 PM by Harry Waldron | with no comments

Questions? Contact Susan at Susan-at-msmvps.com. Each post's copyright held by the original author. All rights reserved. Blog site is an independent site not sponsored by Microsoft.
Our servers would like to thank www.ownwebnow.com and www.exchangedefender.com. We wouldn't be here without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems

Theme based on the Paperclip Blog Theme included in Community Server.
Enhanced to a Site-Wide Theme by Interscape Technologies.