Content
(MS06-030) Microsoft Server Message Block Driver Privilege Escalation (914389)
- Type
- Buffer Overflow
- Impact of exploitation
- Privilege Escalation
- User Interaction
- no user interaction is needed
- Attack Vector
- Malicious local network traffic
- Rating
- High
- CVE reference
- CVE-2006-2373,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows XP Generic,
- Windows XP SP1,
- Windows XP SP2,
- Windows 2003 SP0 - SP1,
- Windows 2003 Generic,
- Windows 2000 SP4,
- Windows 2000 Generic,
- Summary
- A vulnerability exists in Microsoft Server Message Block Drivers that may allow for a privilege escalation attack.
Tab Navigation
Description
Microsoft Windows is an industry standard operating system. Windows includes support for Server Message Block (SMB). SMB is used for file and print sharing and system management on the Windows platform. A kernel buffer overflow vulnerability exists in the Microsoft SMB Drivers that may allow an attacker to elevate their privileges. The flaw resides in the SMB driver mrxsmb.sys. Successful exploitation could lead to complete system compromise from an authenticated user that can log on locally. Affected Systems: Windows 2000 SP4 Windows XP SP1-SP2 Windows Server 2003 SP0-SP1 For more information see: http://www.microsoft.com/technet/security/bulletin/MS06-030.mspx
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft (KB914389): http://www.microsoft.com/technet/security/bulletin/MS06-030.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS06-030) Microsoft Server Message Block Driver Privilege Escalation (914389)
- Signature identifier:
- 4417
- Release date:
- 6/13/2006
- First released in:
- Protected by Foundstone
Additional Resources
Microsoft Security Bulletin: Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)
http://www.microsoft.com/technet/security/bulletin/MS06-030.mspx
Windows MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk Overflow
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=408
All Information
Timeline -
6/13/2006
Vendor has provided a patch.
6/13/2006
Vulnerability information has been publicly disclosed.
6/13/2006
Exploit code has been released.
Description -
Microsoft Windows is an industry standard operating system. Windows includes support for Server Message Block (SMB). SMB is used for file and print sharing and system management on the Windows platform. A kernel buffer overflow vulnerability exists in the Microsoft SMB Drivers that may allow an attacker to elevate their privileges. The flaw resides in the SMB driver mrxsmb.sys. Successful exploitation could lead to complete system compromise from an authenticated user that can log on locally. Affected Systems: Windows 2000 SP4 Windows XP SP1-SP2 Windows Server 2003 SP0-SP1 For more information see: http://www.microsoft.com/technet/security/bulletin/MS06-030.mspx
McAfee Product Mitigation & Recommendations
Recommendations -
Download and install the patch available from Microsoft (KB914389): http://www.microsoft.com/technet/security/bulletin/MS06-030.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS06-030) Microsoft Server Message Block Driver Privilege Escalation (914389)
- Signature identifier:
- 4417
- Release date:
- 6/13/2006
- First released in:
- Protected by Foundstone
Additional Resources
Additional Resources -
Microsoft Security Bulletin: Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)
http://www.microsoft.com/technet/security/bulletin/MS06-030.mspx
Windows MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk Overflow
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=408
