A vulnerability exists in the Microsoft Windows Server Service that may allow for arbitrary code execution. This can successfully be exploited by sending malicious traffic to the server service.
The Microsoft Server Service allows for file sharing between other networked hosts. A vulnerability is present in the Server Service that may allow for code execution due to improper bounds checking. The flaw may be exploited by receiving and processing specially crafted server service traffic to the vulnerable host. This attack is available to unauthenticated attackers.Attack Vector
Malicious remote network trafficUser Interaction
no user interaction is neededVendor Status
Responded and patchedVulnerable Systems
SP0 - SP1,
Microsoft has stated that this has been exploited in the wild, but code is not public
Download and install the patch available from Microsoft (KB921883):