Microsoft Security Bulletin MS06-063 - Vulnerability in Server Service Could Allow Denial of Service (923414)

This one is more than a denial-of-service issue. The bulletin addresses two vulnerabilities in the Server service, only one of which is a simple denial of service. The other, the SMB Rename Vulnerability, is, as clarified in the FAQ, a full-blown remote code execution flaw that allows an attacker with valid logon credentials to take over a remote computer via UDP ports 135, 137, 138 and 445, and TCP ports 135, 139, 445 and 593. Because Internet firewalls are prevalent and logon credentials are required, this vulnerability is primarily an insider issue. Exploit details and proof-of-concept code are public, but there are no reports of attacks as of yet. I suggest immediately initiating testing of this patch, followed by deployment to all servers. Workstations with properly configured firewalls are less likely to be affected by this vulnerability.
