Microsoft Security Bulletin MS06-070 - Vulnerability in Workstation Service Could Allow Remote Code Execution (924270)

Windows 2000 with the Workstation Service started are vulnerable to this remote code exploit from anonymous remote attackers. The vulnerability is limited to incoming connections on port 139 and 445 so Windows Firewall configured to block such connections mitigates the risk. I recommend testing this patch and deploying it. The vulnerability is not public and not being exploited in attacks. A number of obvious workarounds such as disabling the Workstation service or blocking it via Windows Firewall, etc are available for systems where such measures are practical. This isn’t a big risk for XP since you have to be an administrator to exploit the vulnerability.

Update: With the release of proof of concept code for the Workstation vulnerability detailed in MS06-070 (924270) this patch becomes more important/urgent to load. Remember though, this is only a big risk for Windows 2000 and only if port 139 or 443 are not blocked by Basic Firewall or an IP Security Policy. You should be able to mitigate this risk using group policy to configure a “block” rule with IP Security Policies.

Get this valuable commentary each month as soon as Microsoft releases security updates!

Free log parser scripts, a clear explanation of Microsoft's latest security bulletin, helpful security tips, how-to's and more.