(MS09-001) SMB Validation Denial of Service Vulnerability (958687)

Type: Logic error
Impact of exploitation: Denial of Service
User Interaction: No user interaction is needed
Attack Vector: Malicious remote network traffic
Rating: High
CVE reference: CVE-2008-4114
Vendor Status: Responded and patched
Vulnerable systems:
Windows 2000 SP4
Windows XP SP3
Windows 2003 Server SP2
Windows Vista SP1
Windows 2008
Windows XP X64 SP2
Windows 2003 Itanium SP2
Windows 2003 Server X64 SP2
Windows 2008 Itanium
Windows 2008 x64

Summary
A vulnerability exists in Microsoft Windows (srv.sys) that may result in a denial-of-service attack.

Description

The Windows kernel is the core of the Windows operating system. A vulnerability exists in Microsoft Windows (srv.sys) that may allow a denial-of-service attack. The flaw lies in the way srv.sys processes malformed WRITE_ANDX SMB packets. An attacker can exploit it by sending WRITE_ANDX packets to a target network interface that uses Named Pipes. The attacker must have sufficient privileges to send the packets remotely, but does not necessarily need valid credentials on the target machine.
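
A defender-side structural check for WRITE_ANDX requests, added here as an example; it is not taken from the advisory and does not reproduce any McAfee signature. The field layout follows the SMB1 WRITE_ANDX request format. This page does not say which inconsistency srv.sys mishandled, so the checks are generic length and offset sanity checks, and the names check_write_andx and build_sample are hypothetical.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_WRITE_ANDX = 0x2F
HEADER_LEN = 32          # fixed SMB1 header size
FLAGS_REPLY = 0x80       # set in Flags (offset 9) on server responses


def check_write_andx(msg):
    """Return structural findings for one SMB1 message (NetBIOS framing removed).

    An empty list means: not a WRITE_ANDX request, or every check passed.
    """
    if len(msg) <= HEADER_LEN or msg[:4] != SMB1_MAGIC:
        return []
    if msg[4] != SMB_COM_WRITE_ANDX or msg[9] & FLAGS_REPLY:
        return []
    word_count = msg[HEADER_LEN]
    if word_count not in (12, 14):            # the two request layouts
        return ["unexpected WordCount %d" % word_count]
    params_end = HEADER_LEN + 1 + 2 * word_count
    if len(msg) < params_end + 2:
        return ["truncated parameter block"]
    # DataLengthHigh, DataLength, DataOffset sit 18 bytes into the parameter words
    len_high, len_low, data_off = struct.unpack_from("<HHH", msg, HEADER_LEN + 1 + 18)
    (byte_count,) = struct.unpack_from("<H", msg, params_end)
    data_len = (len_high << 16) | len_low
    data_start = params_end + 2
    findings = []
    if data_start + byte_count > len(msg):
        findings.append("ByteCount runs past end of message")
    if data_off < data_start:
        findings.append("DataOffset points into header or parameters")
    if data_off + data_len > len(msg):
        findings.append("data region runs past end of message")
    return findings


def build_sample(data, data_off=None):
    """Constructed WRITE_ANDX request, used only to exercise the checker."""
    header = SMB1_MAGIC + bytes([SMB_COM_WRITE_ANDX]) + bytes(HEADER_LEN - 5)
    off = HEADER_LEN + 1 + 24 + 2 if data_off is None else data_off
    words = struct.pack("<BBHHIIHHHHH", 0xFF, 0, 0, 0x4000, 0, 0, 0, 0, 0, len(data), off)
    return header + bytes([12]) + words + struct.pack("<H", len(data)) + data


if __name__ == "__main__":
    print(check_write_andx(build_sample(b"ping")))               # well formed
    print(check_write_andx(build_sample(b"ping", data_off=10)))  # inconsistent offset
```

The function takes one reassembled SMB1 message, so a sensor or log pipeline would call it per message after stripping the 4-byte NetBIOS session header.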

McAfee Product Mitigation & Recommendations

Recommendations

The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx

McAfee Product Mitigation

McAfee Foundstone
Signature: Microsoft Windows Kernel WRITE_ANDX SMB Denial-of-Service Vulnerability
Signature identifier: 6136
Release date: 9/18/2008

McAfee Intrushield

This signature provides coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature: SMB: Microsoft SMB Write AndX Command Handling Kernel DoS
Signature identifier: 0x40709800
Release date: 9/25/2008
First released in: sigset 3.1.72, 4.1.35, 5.1.5

McAfee Anti-Virus protection

The 5387 DATs have included detection for known tools exploiting this threat since September 18th, 2008.

Signature: Exploit-SMBAndx
Release date: 9/18/2008
First released in: 5387

Additional Resources

Microsoft Windows "WRITE_ANDX" SMB Packet Handling Denial of Service

http://secunia.com/Advisories/31883/

Vulnerabilities in SMB Could Allow Remote Code Execution (958687)

http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx

Timeline

1/13/2009: Vendor has provided a patch.
9/15/2008: Vulnerability information has been publicly disclosed.
9/14/2008: A proof of concept has been released.
