As almost everyone predicted, it didn't take long for an exploit for MS06-040 (vulnerability in the Server service) to become publicly available.
The current exploit seems to be working on all Windows 2000 systems and Windows XP SP0 and SP1. The good thing is that it doesn't work against Windows XP SP2 or Windows 2003 SP1.
The current version doesn't work against Windows 2003 SP0 or NT4 SP6 either, but this doesn't mean that they are safe.
This is probably a good opportunity to remind you of the host-based firewall in SP2, which should, by default, protect the machine from this exploit. Of course, as it effectively stops administration, it's pretty common for administrators in organizations to turn the firewall off via GPOs. If you need to do this, then try to limit access to the machine: instead of completely turning off the firewall (or opening it to your whole network), it's much better to allow traffic only from your administration servers.
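The scoping described above, as an added example for a single Windows XP SP2 machine (not part of the original diary). The addresses in `ADMIN_HOSTS` are constructed placeholders; the weak settings are shown only as comments for contrast.

```batch
@echo off
rem Added example: keep the XP SP2 firewall on and scope the administrative
rem exceptions to named hosts instead of disabling it.
rem ADMIN_HOSTS is a constructed placeholder list (RFC 5737 documentation
rem addresses); replace it with your own administration servers.
set ADMIN_HOSTS=192.0.2.10,192.0.2.11

rem Weak settings this replaces (for contrast only, left commented out):
rem   netsh firewall set opmode mode=DISABLE
rem   netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=ALL

rem Keep the firewall enabled and allow configured exceptions.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE

rem Permit remote administration and file/print sharing traffic only from
rem the administration servers listed above.
netsh firewall set service type=REMOTEADMIN mode=ENABLE scope=CUSTOM addresses=%ADMIN_HOSTS%
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=CUSTOM addresses=%ADMIN_HOSTS%

rem Review the result: overall state, then each service exception and its scope.
netsh firewall show state
netsh firewall show service verbose=ENABLE
```

In a domain, the same scoping is applied through the Windows Firewall Group Policy exception settings, which override these local settings.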
In any case, as the exploit is public, it's just a matter of time before script kiddies start using it (if they haven't already). We can expect that this exploit will soon be added to the attack arsenal of bots such as Sdbot and similar. In other words: patch!
Aug 10th 2006