Video Screencast Help
Security Response

Microsoft Server Service Vulnerability: Worm Food?

Created: 09 Aug 2006 07:00:00 GMT • Updated: 23 Jan 2014 18:58:01 GMT
Symantec Security Response's picture
0 0 Votes
Login to vote

Guess what time it is (again)? Yep—it’sthat time of the month when our friends at Microsoft open a bit oftheir kimono in the interest of "community service”. For Star DateAugust 8, 2006, Microsoft presents us with a cornucopia of issues: 23vulnerabilities spread over 12 bulletins, to be exact.

Manyof the items disclosed are rated "critical" by Microsoft and I couldn'tagree more. Some of the items carrying a critical rating are highlyexploitable and the most severe of them all is contained in theMS06-040 bulletin entitled "Vulnerability in Server Service Could AllowRemote Code Execution”. The bulletin speaks to a buffer overflowcondition (in the "Server" service, which is used for sharing resourcesbetween Windows machines) that may occur if specially crafted RPCmessages are sent to vulnerable machines. If successfully exploited, anattacker can take complete control over the affected system.

Worse yet, do you remember the worms of yore in the not too distantpast? Well, this Server service flaw smells an awful lot like wormfodder to me. I’m not trying to be an alarmist, but there's a prettygood chance that if an attacker were to aim their sights at this flawin hopes of causing widespread carnage, they'd have a pretty good shot.

So, my advice to you would be to go and batten down the hatches;download the latest patches from Microsoft, as well as protect yourselfwith the latest security updates from Symantec. Oh, by the way, did Imention we have IPS signatures that protect our customers from thisparticular Server Service vulnerability?