A vulnerability exists in the Microsoft Windows Server Service that may allow arbitrary code execution. It can be exploited by sending malicious traffic to the Server Service.
The Microsoft Server Service provides file sharing with other networked hosts. Improper bounds checking in the Server Service may allow code execution. The flaw is triggered when the vulnerable host receives and processes specially crafted Server Service traffic. The attack is available to unauthenticated attackers.
Attack Vector: Malicious remote network traffic
User Interaction: No user interaction is needed
Vendor Status: Responded and patched
Vulnerable Systems
Windows 2003
SP0 - SP1,
Microsoft has stated that this has been exploited in the wild, but code is not public.
2006-08-08: Vendor has provided a patch.
2006-08-08: Vulnerability information has been publicly disclosed.
2006-08-15: Vendor has provided patch caveat information.
2006-09-12: Vendor has re-released the patch to remediate a known non-security related issue.
2006-08-10: Exploit code has been released.
2006-08-12: Active exploitation has been found in the wild.
2006-08-19: A second exploit similar to the exploit of August 10 has been released.
2006-08-27: A third exploit similar to the exploit of August 10 has been released.
2006-09-13: An exploit for Windows 2003 has been released.
Download and install the patch available from Microsoft (KB921883):
http://www.microsoft.com/technet/security/bulletin/MS06-040.mspx