Whipnet's Home
Home
Whipnet's Web Hosting Services
Whipnet's Tech Services for Houston, Tx

Contact Whipnet

 


Business Consultations
You Are Here --->
Software Services
Virus Removal Services
 
Technical Hand - Hardware - LAN - Rollouts

 

 

Where is the Industry Headed?

Future of Computing

Home | Computer Hardware ServicesMicrosoft Security Bulletins

The information provided in this site is provided "as is" without warranty of any kind. Microsoft Corporation disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Furthermore, this information is only listed as a resource for such information by Whiptech. Whiptech is in no way responsible for the use or misuse of the information by anyone, anywhere, at anytime.

Home | Computer Hardware ServicesMicrosoft Patch Disclosure - August 2006

Vulnerability in Server Service Could Allow Remote Code Execution (921883)
Published: August 8, 2006
Microsoft Severity Rating: Critical


Description:
Last month MS06-035 addressed issues with the Server Service and this month MS06-040 is another patch addressing different issues in the same service. As you may remember from last month, exploitation of the issue was difficult and not completely anonymous on all operating systems. This time around, the vulnerability, an unchecked buffer in the Server Service, allows for anonymous exploitation remotely. In addition, US-CERT and Microsoft have both claimed to have observed existing exploits for this vulnerability.

Recommendations:
While Whiptech cannot confirm or deny claims of exploits in the wild, we have no choice but to trust them until proven otherwise. Because of this, we recommend that users who cannot install this patch immediately should insure that TCP ports 139 and 445 are blocked at corporate gateways. Obviously blocking these ports internally is not an option as it will break many essential services.

Affected Software:
. Microsoft Windows 2000 Service Pack 4
. Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
. Microsoft Windows XP Professional x64 Edition
. Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
. Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
. Microsoft Windows Server 2003 x64 Edition


HOME                                                          2002-2013 Whipnet Technologies