VID |
26251 |
Severity |
30 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The hotfix (MS06-077, KB926121) for 'Vulnerability in Remote Installation Service' has not been applied. The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that permits anonymous access, which allows remote attackers to upload and overwrite arbitrary files and so gain privileges on systems that use RIS. Microsoft RIS is not installed on Microsoft Windows 2000 by default. A remote, unauthenticated attacker could create or overwrite operating system files hosted on the Microsoft RIS server, allowing for the insertion of backdoors or other malicious code. As a result, any system subsequently managed by, or installed from, the vulnerable RIS server would be fully compromised.
* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, resulting in a false negative for all vulnerable hosts.
* References: http://www.microsoft.com/technet/security/bulletin/ms06-077.mspx http://www.kb.cert.org/vuls/id/238064
* Platforms Affected: Microsoft Windows 2000 SP4 |
Recommendation |
Apply the appropriate patch (KB926121) for your system, as listed in Microsoft Security Bulletin MS06-077 at http://www.microsoft.com/technet/security/bulletin/ms06-077.mspx
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects what version of Windows you are running and offers the appropriate patch. |
Related URL |
CVE-2006-5585 (CVE) |
Related URL |
(SecurityFocus) |
Related URL |
30607 (ISS) |