Apparently not need with good firewalls, and IPSEC enabled.
http://www.microsoft.com/technet/security/bullet
in/MS06-040.mspx
Also note this vulnerability is from the local network.
TITLE:
Windows Server Service Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA21388
VERIFY ADVISORY:
http://secunia.c
om/advisories/21388/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
From local network
OPERATING SYSTEM:
Microsoft Windows 2000 Advanced Server
http://secunia.com/pro
duct/21/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/p
roduct/1177/
Microsoft Windows 2000 Professional
http://secunia.com/prod
uct/1/
Microsoft Windows 2000 Server
http://secunia.com/pro
duct/20/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/p
roduct/1175/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/p
roduct/1174/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/p
roduct/1173/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/p
roduct/1176/
Microsoft Windows XP Home Edition
http://secunia.com/pro
duct/16/
Microsoft Windows XP Professional
http://secunia.com/pro
duct/22/
DESCRIPTION:
A vulnerability has been reported in Microsoft Windows,
which
can be
exploited by malicious people to compromise a vulnerable
system.
The vulnerability is caused due to a boundary error in the
Server
service during the processing of RPC traffic. This can be
exploited
to cause a buffer overflow by sending a specially crafted
packet to
port 139/TCP or 445/TCP.
Successful exploitation allows execution of arbitrary code.
NOTE: According to Microsoft, the vulnerability is already
being
actively exploited.
Other unspecified issues discovered by Microsoft have also
been
reported.
SOLUTION:
Apply patches.
Windows 2000 (requires SP4):
http://www.microsof
t.com/downloads/details.aspx?FamilyId=3b61153d-359f-4441-a44
8-24062cb2387c
Windows XP (requires SP1 or SP2):
http://www.microsof
t.com/downloads/details.aspx?FamilyId=2996b9b6-03ff-4636-861
a-46b3eac7a305
Windows XP Professional x64 Edition:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=314c7c2c-9a02-4e56-98c
f-97703fecf0be
Windows Server 2003 (optionally with SP1):
http://www.microsof
t.com/downloads/details.aspx?FamilyId=a0058f39-6dea-4dfc-9dd
6-4cb45b305dec
Windows Server 2003 for Itanium-based systems (optionally
with
SP1):
http://www.microsof
t.com/downloads/details.aspx?FamilyId=af970833-2044-4284-937
d-3beb2e2f286d
Windows Server 2003 x64 Edition:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=3b0c1954-fca5-4e95-abb
2-6066a9d6bc76
ORIGINAL ADVISORY:
MS06-040 (KB921883):
http://www.microsoft.com/technet/security/Bullet
in/MS06-040.mspx
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|