Preemptive Protection against Microsoft Plug and Play Vulnerability (MS05-047)
| Attack ID: | CPAI-2005-139 |
 |
|
| Publish Date: | |
|
|
| Last Update: | |
|
|
| Category: | Remote Code Execution |
|
|
| Vulnerable Systems: | Windows 2000 Professional Windows 2000 Server Windows NT Windows NT TS Windows XP Windows XP SP2 |
|
|
| Source: | Microsoft Security Bulletin MS05-047 |
|
|
| Description: | Plug and Play (PnP) allows the operating system to detect new hardware (e.g a mouse, a digital camera) when you install it on a system. A vulnerability exists in Microsoft's Plug and Play (PnP) service that can be exploited by remote attackers to compromise a vulnerable system. |
|
|
| Severity: | |
| Details: | The vulnerability can be triggered by sending a specially crafted PnP packet. The vulnerability is due to a buffer overflow error in the Plug and Play service that does not properly handle specially crafted requests. |
|
|
| Attack Detection: | Users of VPN-1 NG with Application Intelligence R55W, users of VPN-1 NGX R60 and users of InterSpect will identify the attack by the following log entries: Attack Name: MS-RPC over CIFS violation Users of VPN-1 NG with Application Intelligence R55 will identify rule 99448 on the SmartView Tracker screen. |
|
|
| Solution: | Users of VPN-1 NG with Application Intelligence R55 & R55W, users of VPN-1 NGX R60 and users of InterSpect who ahve applied the solution outlined in CPAI-2005-120 are preemptively protected against this vulnerability. |
|
|
| Industry Reference: | CAN-2005-2120 |
|
|
| Additional Information: | This update also includes: Microsoft DTC protection (MS05-051) - CPAI-2005-140 |