(MS06-040) Microsoft Windows Server Service Buffer Overflow (KB921883)

Overview

A vulnerability exists in the Microsoft Windows Server Service that may allow for arbitrary code execution. This can successfully be exploited by sending malicious traffic to the server service.

The Microsoft Server Service allows for file sharing between other networked hosts. A vulnerability is present in the Server Service that may allow for code execution due to improper bounds checking. The flaw may be exploited by receiving and processing specially crafted server service traffic to the vulnerable host. This attack is available to unauthenticated attackers.

Attack Vector

Malicious remote network traffic

User Interaction

no user interaction is needed

Vendor Status

Responded and patched

Vulnerable Systems

Windows 2003   SP0 - SP1,

Timeline

2006-08-08

Microsoft has stated that this has been exploited in the wild, but code is not public

2006-08-08

Vendor has provided a patch.

2006-08-08

Vulnerability information has been publicly disclosed.

2006-08-15

Vendor has provided patch caveat information

2006-09-12

Vendor has re-released the patch to remediate a known non-security related issue

2006-08-10

Exploit code has been released.

2006-08-12

Active exploitation has been found in the wild

2006-08-19

A second exploit similar to the exploit of August 10 has been released.

2006-08-27

A third exploit similar to the exploit of August 10 has been released.

2006-09-13

An exploit for Windows 2003 has been released

Recommendations

Download and install the patch available from Microsoft (KB921883):
http://www.microsoft.com/technet/security/bulletin/MS06-040.mspx

Recommendations McAfee Product Mitigation

VIL

IRC-Mocbot!MS06-040

  • Release Date
    2006-08-13

VIL

IRC-Mocbot!MS06-040

  • Release Date
    2006-08-13

VIL

IRC-Mocbot!MS06-040

  • Release Date
    2006-08-13

VIL

IRC-Mocbot!MS06-040

  • Release Date
    2006-08-13

Additional Resources