(MS07-058) Microsoft Windows RPC Authentication Vulnerability Could Allow Denial of Service (933729)
- Type
- Logic error
- Impact of exploitation
- Denial of Service
- User Interaction
- No user interaction is needed
- Attack Vector
- Malicious remote network traffic
- Rating
- Medium
- CVE reference
- CVE-2007-2228
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows 2000 SP4
- Windows XP SP0 - SP2
- Windows 2003 SP0 - SP2
- Windows Vista SP0
- Summary
- A vulnerability is present in Microsoft Windows RPC authentication that could allow for a denial of service attack. Remote attackers could exploit it without authentication via a specially crafted RPC request.
Description
Microsoft RPC allows for transparent remote communication. A vulnerability is present in Microsoft Windows RPC authentication that could allow for a denial of service attack. The flaw lies in the improper processing of a specially crafted RPC NTLMSSP authentication request. Remote attackers could exploit the flaw without authentication.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft (933729): http://www.microsoft.com/technet/security/Bulletin/MS07-058.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS07-058) Microsoft Windows RPC Authentication Vulnerability Could Allow Denial of Service (933729)
- Signature identifier:
- 5515
- Release date:
- 10/9/2007
McAfee Intrushield
This signature provides coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- DCERPC: Microsoft Windows RPC Authentication Vulnerability
- Signature identifier:
- 0x47603B00
- Release date:
- 10/9/2007
- First released in:
- Sigset(s) 4.1.12; 3.1.49
Additional Resources
Microsoft Security Bulletin: Vulnerability in RPC Could Allow Denial of Service (933729)
http://www.microsoft.com/technet/security/Bulletin/MS07-058.mspx
Timeline
10/9/2007: Vendor has provided a patch.