Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - MS Windows Memory Allocation Denial of Service Via RPC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

MS Windows Memory Allocation Denial of Service Via RPC

Published: 2005-11-17
Last Updated: 2005-11-17 13:12:33 UTC
by Kevin Hong (Version: 1)
0 comment(s)
Today, Microsoft release new security advisory for Memory allocation denial of service attack via RPC.

The proof of concept code is publicly available but no patch yet.

Only Microsoft Windows 2000 service pack 4 and Windows XP SP1 are affected  by this vulnerability.
Windows XP SP2 and Windows 2003 are not affected by this vulnerability.
Following the MS security advisory, the vulnerability could allow an attacker to levy a denial of service attack of limited duration.
For succeed exploit attack, the attacker needs valid logon credentials.
If anyone who use Windows 2000 SP4 and Windows XP SP1, need to block unnecessary ports which are recommended by MS security advisory.

If you have any more information with public POC, please contact to us.

You can find more information from following MS Security Advisory.
-->  http://www.microsoft.com/technet/security/advisory/911052.mspx
Keywords:
0 comment(s)
Diary Archives