Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: MS Windows Memory Allocation Denial of Service Via RPC - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS Windows Memory Allocation Denial of Service Via RPC
Today, Microsoft release new security advisory for Memory allocation denial of service attack via RPC.

The proof of concept code is publicly available but no patch yet.

Only Microsoft Windows 2000 service pack 4 and Windows XP SP1 are affected  by this vulnerability.
Windows XP SP2 and Windows 2003 are not affected by this vulnerability.
Following the MS security advisory, the vulnerability could allow an attacker to levy a denial of service attack of limited duration.
For succeed exploit attack, the attacker needs valid logon credentials.
If anyone who use Windows 2000 SP4 and Windows XP SP1, need to block unnecessary ports which are recommended by MS security advisory.

If you have any more information with public POC, please contact to us.

You can find more information from following MS Security Advisory.

32 Posts
Nov 17th 2005

Sign Up for Free or Log In to start participating in the conversation!