Severity: High
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
Description
This signature will detect attempts to exploit a Denial of Service Vulnerability in Microsoft Windows Vista.
Additional Information
Server Message Block 2 (SMB2) is a newer version of the Server Message Block (SMB) protocol. SMB2 was introduced in Microsoft Windows Vista.
Microsoft Windows is prone to a denial-of-service vulnerability when processing the protocol headers for the SMB2 Negotiate Protocol Request. Specifically the issue occurs in the 'SRV2.SYS' driver when the '&' character is used in the 'Process ID High' header field.
An attacker can exploit this issue to cause a system crash, denying service to legitimate users.
Microsoft Windows 7 and Vista are vulnerable; other versions may also be affected. Note that this issue reportedly does not affect Microsoft Windows XP and 2000.