Major Windows Security Update Issued
Posted: 19:00:00, Tuesday, Aug 8, 2006 Expiration: 19:00:00, Tuesday, Aug 15, 2006
On August 8, 2006, Microsoft released a patch for a previously undisclosed vulnerability in the Microsoft Windows Server service. All Windows XP and 2000 computers are vulnerable.
On August 8, 2006, Microsoft released a patch for a previously undisclosed vulnerability (http://www.microsoft.com/technet/security/Bulletin/MS06-040.mspx) in the Microsoft Windows Server service. The Server service is responsible for File and Printer Sharing, remote access via Remote Procedure Calls (RPC), and access to computers via named pipes. Microsoft indicated that the vulnerability *is already being exploited* on the Internet.
An unauthenticated attacker can send a specially crafted message to the Server service, execute code of his or her choice, and take complete control of the vulnerable system.
- Microsoft Windows XP (all versions)
- Microsoft Windows Server 2003 (all versions)
- Microsoft Windows 2000 (all versions)
See Microsoft Security Bulletin MS06-040 for a complete list.
The Server service uses TCP ports 139 and 445. The University of Wisconsin-Madison network is already blocking TCP ports 139 and 445 at the network border. *Note:* Though beneficial, these network border blocks aren't effective at stopping attacks that originate from inside our network border (e.g., dial-up, VPN, etc.). Therefore, it is important that you follow the recommendations and workarounds listed below.
- Configure a host-based firewall, such as the Windows Firewall, to block communication to TCP ports 139 and 445 from untrusted networks. More info here.
- For servers with sensitive data, use IPSec to restrict communication to only trusted hosts that also have IPSec configured. More info here.
- Use TCP/IP Filtering to block all unsolicited inbound traffic. More info here.
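One way to confirm that the host firewall workaround is in effect, as an added example that is not part of the original notice: run this Python check from a machine on a network the firewall should treat as untrusted, against hosts you administer. The function names (`probe`, `audit`, `exposed`) and the default host are assumptions made for the example.

```python
import socket
import sys

# TCP ports the notice says the Server service uses.
SERVER_SERVICE_PORTS = (139, 445)


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed', 'filtered' or 'unresolved'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: the service is reachable
    except ConnectionRefusedError:
        return "closed"          # refused: no listener, or a firewall rejecting with a reset
    except socket.gaierror:
        return "unresolved"      # host name did not resolve
    except OSError:
        return "filtered"        # timeout or unreachable: traffic is being dropped


def audit(hosts, ports=SERVER_SERVICE_PORTS, timeout=2.0):
    """Probe every host/port pair and return {host: {port: state}}."""
    return {h: {p: probe(h, p, timeout) for p in ports} for h in hosts}


def exposed(results):
    """Return the hosts that still accept connections on any probed port."""
    return sorted(h for h, states in results.items() if "open" in states.values())


if __name__ == "__main__":
    # Constructed default; pass the hosts you administer on the command line.
    hosts = sys.argv[1:] or ["127.0.0.1"]
    results = audit(hosts)
    for host, states in results.items():
        print(host, " ".join(f"{p}/tcp={s}" for p, s in states.items()))
    # Non-zero exit status when any host still accepts connections.
    sys.exit(1 if exposed(results) else 0)
```

A result of `closed` or `filtered` on both ports means the block is effective from that vantage point; `open` means the Server service is still reachable from there.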
-- DoIT Security
Created: 05:58:25, Wednesday, Aug 9, 2006 (by System U.)
Updated: 12:27:32, Monday, Aug 14, 2006 (by System U.)