August 2006
Exploit for MS06-040 (vulnerability in the Server service) publicly available
ID: 00546
Ref: 05/06
Date: 10 August 2006:15:48:54
Version: 1
Title: Exploit for MS06-040 (vulnerability in the Server service) publicly available
Abstract: A vulnerability in the Microsoft Server service, addressed in Microsoft Security Bulletin MS06-040, is being exploited.
Vendors affected: Microsoft
Operating systems affected: Microsoft
Applications affected: Microsoft
A vulnerability in the Microsoft Server service, addressed in Microsoft Security Bulletin MS06-040, has been reported as being exploited.
Microsoft recommends that users:
- Install the latest updates
Workarounds to help block known attack vectors:
- Block TCP ports 139 and 445 at the firewall
- Enable advanced TCP/IP filtering, on systems that support this feature, to block all unsolicited inbound traffic
- Block the affected ports by using IPSec on the affected systems
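
One way to confirm that the port-blocking workarounds above are in effect, run from outside the firewall against hosts you administer (an added example, not part of the UNIRAS advisory or Microsoft's guidance). The function names, the three-state classification and the default timeout are assumptions of this example.

```python
import socket
import sys

SMB_PORTS = (139, 445)  # the TCP ports the advisory says to block


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'.

    host should be an IP address; a name that fails to resolve is
    reported as 'filtered' like any other non-refusal error.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"          # handshake completed: the block is NOT working
    except ConnectionRefusedError:
        return "closed"        # RST received: nothing listening, or a rejecting filter
    except OSError:
        return "filtered"      # timeout or ICMP unreachable: traffic is being dropped
    finally:
        s.close()


def audit(hosts, ports=SMB_PORTS, timeout=2.0):
    """Return ({host: {port: state}}, sorted list of hosts with an open port)."""
    results = {h: {p: probe(h, p, timeout) for p in ports} for h in hosts}
    exposed = sorted(h for h, r in results.items() if "open" in r.values())
    return results, exposed


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: check_smb_block.py IP [IP ...]")
    results, exposed = audit(sys.argv[1:])
    for host, states in results.items():
        line = ", ".join(f"tcp/{p}={s}" for p, s in states.items())
        print(f"{host}: {line}")
    # A non-zero exit status lets a scheduled job flag hosts that still
    # accept connections on the ports that should be blocked.
    sys.exit(1 if exposed else 0)
```

A result of "open" from the untrusted side means the firewall or IPSec rule is not covering that host; "filtered" or "closed" only shows the port is unreachable from where the check ran, not that the patch is installed.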
Mitigating factors:
The exploit does not affect Windows XP SP2 or Windows 2003 SP1.
Recommendations:
It is strongly recommended that users apply the relevant Microsoft patches.
UNIRAS will continue to monitor the situation.
More information:
Microsoft Security Bulletin MS06-040
Vulnerability in Server Service Could Allow Remote Code Execution (921883)
URL: http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx
US-CERT
Microsoft Windows Server service buffer overflow
URL: http://www.kb.cert.org/vuls/id/650769
Internet Storm Center
MS06-040 exploit(s) publicly available
URL: http://isc.sans.org/diary.php?storyid=1582
eEye has created a free tool to scan machines for this vulnerability
Retina MS06-040 NetApi32 Scanner
URL: http://www.eeye.com/html/resources/downloads/audits/NetApi.html