Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: MS06-063: Mailslot DoS (Server service) - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS06-063: Mailslot DoS (Server service)
This vulnerability from Microsoft is a simple Denial of Service against all Windows platforms.  The attack vector is TCP ports 139 or 445.  Apparently, there is an unitialized buffer that could be modified remotely to crash the box.  Exploit code has been available for this bug since July 19, 2006.  Famed handler Swa covered it in a diary entry last month: http://isc.sans.org/diary.php?storyid=1599

It looks like the Core Security folks found this after the MS06-035 in July (http://www1.corest.com/common/showdoc.php?idx=562.  Microsoft also has a blog entry on it: http://blogs.technet.com/msrc/archive/2006/07/28/443837.aspx .

There probably isn't any need to freak out on this one.  The exploit has been out in the wild for several months.  If you are seeing some mysterious reboots on Windows machines and untrusted people can hit TCP 139 or 445 on those hosts, then this could potentially solve your problems (although Microsoft is claiming that it hasn't been used in the wild yet).  Otherwise, there are no code execution possibilities with this vulnerability, so you don't need to be in "emergency mode" to patch it.


Kyle

112 Posts

Sign Up for Free or Log In to start participating in the conversation!