Content
(MS08-067) Microsoft Windows Server Service Vulnerability (958644)
- Type
- Logic error
- Impact of exploitation
- Remote Code Execution
- User Interaction
- no user interaction is needed
- Attack Vector
- Malicious local network traffic
- Rating
- Critical
- CVE reference
- CVE-2008-4250,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows 2000 SP4,
- Windows XP SP3,
- Windows XP X64 SP2,
- Windows 2003 SP2,
- Windows 2003 x64 SP2,
- Windows 2003 Itanium SP2,
- Windows Vista SP1,
- Windows Vista X64 SP1,
- Windows 2008,
- Summary
- A vulnerability exists, in Microsoft Windows Server Service, which may allow for remote code execution.
Tab Navigation
Description
The Microsoft Server Service allows for local resource sharing via RPC. A vulnerability exists, in Microsoft Windows Server Service, which may allow for remote code execution. The flaw lies in the improper handling of specially-crafted (malicious) RPC requests. In a successful attack scenario, an attacker could potentially take full control of a target system via this vulnerability.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft(958644): http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS08-067) Microsoft Windows Server Service Vulnerability (958644)
- Signature identifier:
- 6190
- Release date:
- 10/23/2008
McAfee Foundstone
- Signature:
- (MS08-067) Microsoft Windows Server Service Vulnerability Intrusive (958644)
- Signature identifier:
- 44006
- Release date:
- 10/25/2008
McAfee Foundstone
- Signature:
- (MS08-067) Microsoft Windows Server Service Vulnerability (958644)
- Signature identifier:
- 6191
- Release date:
- 11/5/2008
McAfee Intrushield
- Signature:
- NETBIOS-SS: Microsoft Server Service Remote Code Execution Vulnerability
- Signature identifier:
- 0x40709D00
- Release date:
- 10/23/2008
- First released in:
- 3.1.73.10, 4.1.36.11, 5.1.6.8
McAfee Intrushield
- Signature:
- DCERPC: SRVSVC Buffer Overflow
- Signature identifier:
- 0x47602E00
- Release date:
- 8/8/2006
- First released in:
- 3.1.1, 4.1.1
McAfee Host IPS
Generic Buffer Overflow is expected. "Windows Server Service Buffer Overflow Vulnerability (Tighter Security)", signature id 3768, can provide partial coverage. The 3961 Signature (released October 28) will block Denial of Service and code execution exploits associated with MS08-067 on HIPS.
- Signature:
- Signature 3961
- Signature identifier:
- 3961
- Release date:
- 10/28/2008
McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection
Buffer overflow protection is expected to cover future code-execution exploits.
- Signature:
- Buffer Overflow Protection
- Release date:
- 10/23/2008
McAfee VirusScan Enterprise 8.5i (VSE8.5i) /Total Protection for Small Business (ToPS SB) Buffer Overflow Protection
Buffer overflow protection is expected to cover future code-execution exploits.
- Signature:
- Buffer Overflow Protection
- Release date:
- 10/23/2008
Additional Resources
Vulnerability in Server Service Could Allow Remote Code Execution (958644)
http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx
All Information
Timeline -
11/16/2008
A proof of concept has been released.
10/23/2008
Vendor has provided a patch.
10/23/2008
A proof of concept has been released.
10/23/2008
Exploit code has been released.
Description -
The Microsoft Server Service allows for local resource sharing via RPC. A vulnerability exists, in Microsoft Windows Server Service, which may allow for remote code execution. The flaw lies in the improper handling of specially-crafted (malicious) RPC requests. In a successful attack scenario, an attacker could potentially take full control of a target system via this vulnerability.
McAfee Product Mitigation & Recommendations
Recommendations -
Download and install the patch available from Microsoft(958644): http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS08-067) Microsoft Windows Server Service Vulnerability (958644)
- Signature identifier:
- 6190
- Release date:
- 10/23/2008
McAfee Foundstone
- Signature:
- (MS08-067) Microsoft Windows Server Service Vulnerability Intrusive (958644)
- Signature identifier:
- 44006
- Release date:
- 10/25/2008
McAfee Foundstone
- Signature:
- (MS08-067) Microsoft Windows Server Service Vulnerability (958644)
- Signature identifier:
- 6191
- Release date:
- 11/5/2008
McAfee Intrushield
- Signature:
- NETBIOS-SS: Microsoft Server Service Remote Code Execution Vulnerability
- Signature identifier:
- 0x40709D00
- Release date:
- 10/23/2008
- First released in:
- 3.1.73.10, 4.1.36.11, 5.1.6.8
McAfee Intrushield
- Signature:
- DCERPC: SRVSVC Buffer Overflow
- Signature identifier:
- 0x47602E00
- Release date:
- 8/8/2006
- First released in:
- 3.1.1, 4.1.1
McAfee Host IPS
Generic Buffer Overflow is expected. "Windows Server Service Buffer Overflow Vulnerability (Tighter Security)", signature id 3768, can provide partial coverage. The 3961 Signature (released October 28) will block Denial of Service and code execution exploits associated with MS08-067 on HIPS.
- Signature:
- Signature 3961
- Signature identifier:
- 3961
- Release date:
- 10/28/2008
McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection
Buffer overflow protection is expected to cover future code-execution exploits.
- Signature:
- Buffer Overflow Protection
- Release date:
- 10/23/2008
McAfee VirusScan Enterprise 8.5i (VSE8.5i) /Total Protection for Small Business (ToPS SB) Buffer Overflow Protection
Buffer overflow protection is expected to cover future code-execution exploits.
- Signature:
- Buffer Overflow Protection
- Release date:
- 10/23/2008
Additional Resources
Additional Resources -
Vulnerability in Server Service Could Allow Remote Code Execution (958644)
http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx
