Severity: High
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
Description
This signature detects attempts to exploit a remote denial-of-service vulnerability in the SMB server.
Additional Information
Microsoft Windows is prone to a remote denial-of-service vulnerability because the operating system fails to properly handle network traffic. This issue is triggered by specially crafted TCP network packets with destination ports set to 445 or 139. This occurs when SMB_COM_TRANSACTION messages with a non-NULL-terminated are sent to vulnerable computers. The malformed SMB PIPE traffic causes a NULL-pointer dereference in the 'srv.sys' server driver, resulting in denial-of-service conditions.
This issue may cause affected computers to crash, denying service to legitimate users. Code execution is reportedly not possible, but this has not been confirmed.
Reports indicate that this issue may be currently exploited in the wild, but this has not been confirmed.
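For triage of captured traffic, the following added example (not part of the signature or of any vendor code) walks a reassembled client-to-server payload bound for port 445 or 139 and lists the SMB_COM_TRANSACTION requests it contains, so an analyst can see which sessions sent the message type named above. It only classifies messages and does not test for the malformed field; the function names and the sample stream are constructed for illustration.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_TRANSACTION = 0x25   # SMB1 command code
SMB_FLAGS_REPLY = 0x80       # set in Flags on server responses
SMB_PORTS = {139, 445}       # destination ports named in the advisory
HEADER_LEN = 32

def iter_session_messages(stream):
    """Yield message bodies from 4-byte type/length session framing."""
    pos = 0
    while pos + 4 <= len(stream):
        length = int.from_bytes(stream[pos + 1:pos + 4], "big")
        body = stream[pos + 4:pos + 4 + length]
        if stream[pos] == 0x00 and len(body) == length:  # skip control or truncated frames
            yield body
        pos += 4 + length

def transaction_requests(dst_port, stream):
    """Return TID/UID/MID of each SMB_COM_TRANSACTION request in a client-to-server stream."""
    hits = []
    if dst_port not in SMB_PORTS:
        return hits
    for body in iter_session_messages(stream):
        if len(body) < HEADER_LEN or body[:4] != SMB1_MAGIC:
            continue
        command, flags = body[4], body[9]
        if command == SMB_COM_TRANSACTION and not flags & SMB_FLAGS_REPLY:
            tid, _pid, uid, mid = struct.unpack_from("<HHHH", body, 24)
            hits.append({"tid": tid, "uid": uid, "mid": mid, "length": len(body)})
    return hits

def _frame(command, flags, mid):
    """Build a constructed, minimal SMB1 message (header plus empty word/byte blocks)."""
    header = SMB1_MAGIC + bytes([command]) + bytes(4) + bytes([flags]) + bytes(14)
    header += struct.pack("<HHHH", 0x0800, 0x1234, 0x0064, mid)
    body = header + b"\x00" + b"\x00\x00"
    return b"\x00" + len(body).to_bytes(3, "big") + body

# Constructed sample stream: negotiate request, transaction request,
# transaction response, then a truncated frame.
SAMPLE = (_frame(0x72, 0x00, 1) + _frame(0x25, 0x00, 2)
          + _frame(0x25, 0x80, 3) + _frame(0x25, 0x00, 4)[:20])

if __name__ == "__main__":
    for hit in transaction_requests(445, SAMPLE):
        print("SMB_COM_TRANSACTION request:", hit)
```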
Affected
- Microsoft Windows 2000 Server SP4
- Microsoft Windows Server 2003 Datacenter Edition SP1, SP1 Beta 1
- Microsoft Windows Server 2003 Datacenter Edition Itanium SP1, SP1 Beta 1
- Microsoft Windows Server 2003 Datacenter x64 Edition
- Microsoft Windows Server 2003 Enterprise Edition SP1, SP1 Beta 1
- Microsoft Windows Server 2003 Enterprise Edition Itanium SP1, SP1 Beta 1
- Microsoft Windows Server 2003 Enterprise x64 Edition
- Microsoft Windows Server 2003 Standard Edition SP1, SP1 Beta 1
- Microsoft Windows Server 2003 Standard x64 Edition
- Microsoft Windows Server 2003 Web Edition SP1, SP1 Beta 1
- Microsoft Windows XP Professional SP1, SP2
- Microsoft Windows XP Professional x64 Edition





