Threat Level: green Handler on Duty: Tony Carothers

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

MS06-040 exploit(s) publicly available

Published: 2006-08-10
Last Updated: 2006-08-10 10:32:57 UTC
by Bojan Zdrnja (Version: 1)
0 comment(s)
As almost everyone predicted, it didn't take long to have MS06-040 (vulnerability in the Server service) publicly available.

The current exploit seems to be working on all Windows 2000 systems and Windows XP SP0 and SP1. The good thing is that it doesn't work against Windows XP SP2 or Windows 2003 SP1.
The current version doesn't work against Windows 2003 SP0 or NT4 SP6 either, but this doesn't mean that they are safe.

This is probably a good opportunity to remind you of the host based firewall in SP2 which should, by default, protect the machine from this exploit. Of course, as it effectively stops administration, it's pretty common that in organizations administrators turn the firewall off via GPOs. If you need to do this then try to limit access to the machine ? instead of completely turning off the firewall (or opening it to your whole network), it's much better if you just allow traffic from your administration servers.

In any case, as the exploit is public, it's just a matter of time when script kiddies will start using this (if they haven't already). We can expect that this exploit will soon be added to the attack arsenal of bots such as Sdbot and similar. In other words ? patch!
Keywords:
0 comment(s)
Diary Archives