Urgent Security Patch for Windows PCs

By ServerWatch Staff
Posted Sep 12, 2002


Christopher Rice

Any unpatched WinNT/2K/XP or .NET machine on your network that's listening on port 139 and/or 445 can be crashed in about two seconds with a malformed SMB packet.

Server Message Block (SMB) is the protocol that Microsoft uses to share files, printers, and serial ports. SMB is also used to communicate between computers by using named pipes and mail slots. In a networked environment, servers make file systems and resources available to clients. Clients make SMB requests for resources, and servers make SMB responses, in what is described as a client-server, request-response protocol.

By sending a specially crafted request packet, an attacker can mount a denial-of-service attack on the target server computer. This may cause the computer to stop responding (hang). The attack works both from a user account and through anonymous access. Though not confirmed, it may be possible for the attacker to then run arbitrary code.

It was bad enough in theory, but now a script-kiddie friendly GUI version of the exploit has been posted on PacketStorm, and it works against all of the above. We worked through the weekend to get a large percentage of our boxes patched -- you may have to do the same. You can try for yourself at:


http://www.w2knews.com/rd/rd.cfm?id=020902RN-PacketStorm


[Editor's note] The fact that this vulnerability is out there, and that someone has created a GUI to exploit it that can sit on a desktop as an icon makes it really dangerous.


The patch and the MSFT article can be found here:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q326830&
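
To decide which machines to patch first, it helps to know which ones actually listen on TCP 139 or 445. The following is an added example, not part of the original article or of Microsoft's guidance: it reads the output of `netstat -an` from a Windows host and reports SMB listeners. The sample output and the function names are constructed for illustration.

```python
import re

# The two TCP ports named in the article: NetBIOS session service and direct-hosted SMB.
SMB_PORTS = {139, 445}

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1445           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      192.168.1.20:445       ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Only TCP rows in LISTENING state count; the port is taken from the *local* address.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")


def smb_listeners(netstat_text):
    """Return sorted (local_address, port) pairs for TCP listeners on 139 or 445."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        # Compare the port as an integer so 1445 is not mistaken for 445.
        if m and int(m.group(2)) in SMB_PORTS:
            found.add((m.group(1), int(m.group(2))))
    return sorted(found)


def exposure_summary(netstat_text):
    """Classify a host as 'not listening', 'specific addresses' or 'all interfaces'."""
    listeners = smb_listeners(netstat_text)
    if not listeners:
        return "not listening"
    if any(addr in ("0.0.0.0", "[::]") for addr, _ in listeners):
        return "all interfaces"
    return "specific addresses"


if __name__ == "__main__":
    for addr, port in smb_listeners(SAMPLE_NETSTAT):
        print(f"listening: {addr}:{port}")
    print("exposure:", exposure_summary(SAMPLE_NETSTAT))
```

A listener on these ports only shows that the host is reachable over SMB; whether it is still vulnerable depends on whether the patch from the Microsoft article above has been installed.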

 

Let me know if you know any other holes or security leaks like this one.
