Protection against Vulnerabilities in Microsoft Windows Distributed Transaction Coordinator (DTC) - MS05-051

DTC (Distributed Transaction Coordinator) is a system service that coordinates transactions. A vulnerability was detected in the DTC service for several Microsoft Windows operating systems that can allow remote attackers to execute arbitrary code via a crafted DTC packet.

Users of VPN-1 NG with Application Intelligence R55W, VPN-1 NGX R60 and users of InterSpect who have applied the solution outlined below will identify the attack by the following log entries:

Attack Name:  MS-RPC over CIFS Enforcement Violation
Attack Information: MS-RPC over CIFS - Detected Microsoft DTC Vulnerability (MS05-051)

Users of VPN-1 NG with Application Intelligence R55 will receive rule 99449 on the SmartView Tracker screen.

Users of VPN-1 NG with Application Intelligence R55 & 55W, users of VPN-1 NGX R60 and users of InterSpect should update their SmartDefense by clicking Online Update in the SmartDashboard General window.

The update blocks the specific vulnerable operation in DTC MS-RPC interface over the Common Internet File Sharing (CIFS) protocol.

To enable the protection:

1. On the SmartDefense tree, click MS-RPC > MS-RPC over CIFS.
2. Enable Block DTC vulnerability (MS05-051)



3. Install security policy on all modules.

Zone Labs Security Advisory

This update also includes:

- Microsoft uPnP protection (MS05-047) - CPAI-2005-139 
- Microsoft Client Service for NetWare protection (MS05-046) - CPAI-2005-138 
- Microsoft Windows LSASS Protection - CPAI-2005-136