Content
(MS06-030) Microsoft Server Message Block Invalid Handle Vulnerability (917159)
- Type
- Logic error
- Impact of exploitation
- Denial of Service
- User Interaction
- no user interaction is needed
- Attack Vector
- Malicious local network traffic
- Rating
- High
- CVE reference
- CVE-2006-2374,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows 2003 SP0 - SP1,
- Windows 2003 Generic,
- Windows 2000 SP4,
- Windows 2000 Generic,
- Windows XP SP2,
- Windows XP SP1,
- Windows XP Generic,
- Summary
- A vulnerability exists in Microsoft Server Message Block that may allow for a denial of service attack.
Tab Navigation
Description
Microsoft Windows is an industry standard operating system. Windows includes support for Server Message Block (SMB). SMB is used for file and print sharing and system management on the Windows platform. Microsoft Server Message Block contains a flaw that may allow for a denial of service attack. The vulnerability is due to an error in the SMB driver mrxsmb.sys. that will cause a process to become unkillable. Successful exploitation would depend upon an attacker having log on locally rights with a valid user account. Affected Systems: Windows 2000 SP4 Windows XP SP1-SP2 Windows Server 2003 SP0-SP1 For more information see: http://www.microsoft.com/technet/security/bulletin/MS06-030.mspx
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft (KB914389): http://www.microsoft.com/technet/security/bulletin/MS06-030.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS06-030) Microsoft Server Message Block Invalid Handle Vulnerability (917159)
- Signature identifier:
- 4418
- Release date:
- 6/13/2006
- First released in:
- Protected by Foundstone
Additional Resources
Microsoft Security Bulletin: Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)
http://www.microsoft.com/technet/security/bulletin/MS06-030.mspx
Windows MRXSMB.SYS MrxSmbCscIoctlCloseForCopyChunk DoS
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=409
All Information
Timeline -
6/13/2006
Vendor has provided a patch.
6/13/2006
Vulnerability information has been publicly disclosed.
6/13/2006
Exploit code has been released.
Description -
Microsoft Windows is an industry standard operating system. Windows includes support for Server Message Block (SMB). SMB is used for file and print sharing and system management on the Windows platform. Microsoft Server Message Block contains a flaw that may allow for a denial of service attack. The vulnerability is due to an error in the SMB driver mrxsmb.sys. that will cause a process to become unkillable. Successful exploitation would depend upon an attacker having log on locally rights with a valid user account. Affected Systems: Windows 2000 SP4 Windows XP SP1-SP2 Windows Server 2003 SP0-SP1 For more information see: http://www.microsoft.com/technet/security/bulletin/MS06-030.mspx
McAfee Product Mitigation & Recommendations
Recommendations -
Download and install the patch available from Microsoft (KB914389): http://www.microsoft.com/technet/security/bulletin/MS06-030.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS06-030) Microsoft Server Message Block Invalid Handle Vulnerability (917159)
- Signature identifier:
- 4418
- Release date:
- 6/13/2006
- First released in:
- Protected by Foundstone
Additional Resources
Additional Resources -
Microsoft Security Bulletin: Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)
http://www.microsoft.com/technet/security/bulletin/MS06-030.mspx
Windows MRXSMB.SYS MrxSmbCscIoctlCloseForCopyChunk DoS
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=409
