VID 12008
Severity 30
Port 139,445
Protocol TCP
Class SMB
Detailed Description The Microsoft Windows 2000/XP RPC service contains a flaw that may allow a remote attacker to cause a denial of service. Sending a specially malformed packet to TCP port 135 disables the RPC service, and all MS RPC-based services running on the target machine may also be rendered inoperable.

* Note: The system must be restarted to regain normal functionality.

* References:
http://www.microsoft.com/technet/security/bulletin/MS03-010.asp
http://www.immunitysec.com/vulnerabilities/Immunity_svchost_DoS.txt
http://archives.neohapsis.com/archives/bugtraq/2002-10/0307.html
http://www.securiteam.com/windowsntfocus/6G00B2K5PM.html
http://online.securityfocus.com/archive/1/296114

* Platforms Affected:
Windows 2000 Advanced Server
Windows 2000 Datacenter Server
Windows 2000 Professional
Windows 2000 Server
Windows XP SP1
Recommendation Apply the appropriate patch for your system, as listed in Microsoft's security bulletin MS03-010 at http://www.microsoft.com/technet/security/bulletin/MS03-010.asp

1. Open the following page:
for Windows 2000 (All except Japanese NEC),
http://microsoft.com/downloads/details.aspx?FamilyId=BD55EB38-A5DE-4810-90F7-097C5B4B9919&displaylang=en
for Windows 2000 (Japanese NEC),
http://microsoft.com/downloads/details.aspx?FamilyId=3F7DC0DA-A684-43A8-B2E3-1EEDEEDC822C&displaylang=ja
for Windows XP 32 bit Edition,
http://microsoft.com/downloads/details.aspx?FamilyId=94213569-3258-4439-9AE7-5D86813B4D9E&displaylang=en
for Windows XP 64 bit Edition,
http://microsoft.com/downloads/details.aspx?FamilyId=E3FB88CF-FA48-4426-A4F8-D18D8D4D2295&displaylang=en
2. Select a different language from the drop-down list and click the <Go> button.
3. Click the <Download> button to download the patch file.
4. Run this file to install the patch.
5. Restart your system to complete the installation.

-- OR --

Patches for Windows platforms are also available from the Microsoft Windows Update Web site (http://windowsupdate.microsoft.com). Windows Update detects what version of Windows you are running and offers the appropriate patch.

As a workaround, block remote access to TCP port 135.
Related URL CVE-2002-1561 (CVE)
Related URL 6005 (SecurityFocus)
Related URL 10400 (ISS)