Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: MS06-063: Mailslot DoS (Server service) - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS06-063: Mailslot DoS (Server service)
This vulnerability from Microsoft is a simple Denial of Service against all Windows platforms.  The attack vector is TCP ports 139 or 445.  Apparently, there is an unitialized buffer that could be modified remotely to crash the box.  Exploit code has been available for this bug since July 19, 2006.  Famed handler Swa covered it in a diary entry last month:

It looks like the Core Security folks found this after the MS06-035 in July (  Microsoft also has a blog entry on it: .

There probably isn't any need to freak out on this one.  The exploit has been out in the wild for several months.  If you are seeing some mysterious reboots on Windows machines and untrusted people can hit TCP 139 or 445 on those hosts, then this could potentially solve your problems (although Microsoft is claiming that it hasn't been used in the wild yet).  Otherwise, there are no code execution possibilities with this vulnerability, so you don't need to be in "emergency mode" to patch it.


112 Posts
Oct 10th 2006

Sign Up for Free or Log In to start participating in the conversation!