Threat Level: green Handler on Duty: Russ McRee

SANS ISC: MS06-040: Server Service SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS06-040: Server Service
MS06-040 - KB921883

CRITICAL

This fixes a buffer overrun in the server service in Windows that allows for remote code execution.

The suggested workaround is to block port 139/tcp and 445/tcp with a firewall.

This sounds like it could be developed into a worm or used as a second stage once it's behind a corporate fireewall.

CVE-2006-3439

--
Swa Frantzen -- section 66


Swa

760 Posts
Aug 8th 2006

Sign Up for Free or Log In to start participating in the conversation!