1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. MSRPC PnP GetDeviceList DoS

MSRPC PnP GetDeviceList DoS

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a denial-of-service vulnerability, using the RPC interfaces exposed for the Windows Plug and Play service.

Additional Information

Microsoft Windows Plug and Play (PnP) service is used by the operating system to detect new hardware.

The Plug and Play service is prone to a denial-of-service vulnerability. Sending malformed data to the 'upnp_getdevicelist' function of the Plug and Play service causes the system to consume excessive virtual memory, causing the system to stop responding to all requests. The system will resume normal operation after a period of time; however, successive malformed requests to the service can result in a sustained denial-of-service.

This issue has been confirmed to affect Windows 2000 up to and including Service Pack 3. It is not currently known if other versions are vulnerable.

Affected

  • Microsoft Windows 2000 Advanced Server SP1, SP2, SP3, SP4
  • Microsoft Windows 2000 Datacenter Server SP1, SP2, SP3, SP4
  • Microsoft Windows 2000 Professional SP1, SP2, SP3, SP4
  • Microsoft Windows 2000 Server SP1, SP2, SP3, SP4
  • Microsoft Windows XP Home SP1, SP2
  • Microsoft Windows XP Media Center Edition SP1, SP2
  • Microsoft Windows XP Professional SP1, SP2
  • Microsoft Windows XP Tablet PC Edition SP1, SP2

Response

Currently there are no known patches or workarounds for this vulnerability. It is recommended that users upgrade to the latest version of the application and contact the vendor for more details.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube