Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: MS06-030: Microsoft SMB Vulnerabilities - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS06-030: Microsoft SMB Vulnerabilities
MS06-030 - KB 914389

MS06-030 covers two vulnerabilities. The more severe one ("SMB Driver Elevation of Privilege Vulnerability") will allow an attacker who has regular user access to a system to gain administrator access. The attack requires some form of regular access, for example valid login credentials or an exploit against a regular user on the system.                   
                                                                                  
You could disable the Workstation service to mitigate this vulnerability. However, this is probably only going to work for stand alone workstations. Disabling the Workstation service will break file and printer sharing.                                                              
                                                                                  
The second vulnerability ("SMB Invalid Handle Vulnerability") results in a Denial of Service condition, but as the first vulnerability it requires valid login credentials. 

This vulnerability is covered in CVE-2006-2373.

--
Johannes Ullrich


Swa

760 Posts

Sign Up for Free or Log In to start participating in the conversation!