Endpoint Protection

 View Only

  • 1.  What does this mean MS SMB2 ValidateProviderCallback DOS

    Posted Jan 04, 2010 02:39 AM
    What does this mean MS SMB2 ValidateProviderCallback DOS, it keeps on popping up on lower right side of my computer


  • 2.  RE: What does this mean MS SMB2 ValidateProviderCallback DOS

    Broadcom Employee
    Posted Jan 04, 2010 02:42 AM
    IPS has detected this threat.

    If you check teh signatures in IPS you will have this signature, more details in the link

    http://www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=23471


  • 3.  RE: What does this mean MS SMB2 ValidateProviderCallback DOS
    Best Answer

    Posted Jan 04, 2010 02:44 AM

    Severity: High

    This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

    Description

    This signature will detect attempts to exploit a Denial of Service Vulnerability in Microsoft Windows Vista.

    Additional Information

    Server Message Block 2 (SMB2) is a newer version of the Server Message Block (SMB) protocol. SMB2 was introduced in Microsoft Windows Vista.

    Microsoft Windows is prone to a denial-of-service vulnerability when processing the protocol headers for the SMB2 Negotiate Protocol Request. Specifically the issue occurs in the 'SRV2.SYS' driver when the '&' character is used in the 'Process ID High' header field.

    An attacker can exploit this issue to cause a system crash, denying service to legitimate users.

    Microsoft Windows 7 and Vista are vulnerable; other versions may also be affected. Note that this issue reportedly does not affect Microsoft Windows XP and 2000.

    Additional References

    http://www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=23471
     


  • 4.  RE: What does this mean MS SMB2 ValidateProviderCallback DOS

    Posted Jan 04, 2010 02:46 AM
    ok tnx for your help guys, I really appreaciate it.