Update Protection against Microsoft Windows Server Service Vulnerability (MS06-040)
| Check Point Reference: | CPAI-2006-097 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Microsoft Security Bulletin MS06-040 | |
| Industry Reference(s): |
CVE-2006-3439 |
|
| Protection Provided by: |
VPN-1
|
|
|
Who is Vulnerable? Microsoft Windows 2000 SP4 Microsoft Windows XP SP1, SP2 Microsoft Windows XP Professional x64 Edition Microsoft Windows Server 2003 Microsoft Windows Server 2003 SP1 Microsoft Windows Server 2003 for Itanium-based Systems Microsoft Windows Server 2003 with SP1 for Itanium-based Systems |
||
| Vulnerability Description Microsoft Windows Server service (SRVSVS) provides RPC support, file print support and named pipe sharing over the network. Buffer overflow in the Server Service in multiple versions of Microsoft Windows allows remote attackers to execute arbitrary code via a crafted RPC message containing malformed parameters. The vulnerability is being actively exploited. |
||
|
Vulnerability Status Exploit for this vulnerability is publicly available. |
|
|
Update/Patch Available Microsoft addresses this vulnerability with the updates listed in Microsoft Security Bulletin MS06-040. |
|
|
Vulnerability Details The vulnerability can be triggered by supplying a crafted RPC request containing malformed parameters to some of the API functions offered by the Server service (port 139/TCP or 445/TCP). Successful exploitation could grant an attacker complete control of an affected system. |
Protection Overview
Supplying malformed parameters to some of the API functions offered of the Server service (SRVSVC) might allow remote attackers to take complete control of a vulnerable system.
By enabling the protection, SmartDefense will block MS-RPC Server service (SRVSVC) requests that contain malformed parameters.
To configure the defense, select your product from the list below and follow the related protection steps.
VPN-1 NGX R61
How Can I Protect My Network?
1. Update SmartDefense: Click the SmartDefense Services tab and click Update Now in the Download Updates page.
2. In the SmartDefense tree, click Application Intelligence > MS-RPC > MS-RPC over CIFS and enable Block SRVSVC Vulnerability (MS06-040). 
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: MS-RPC Enforcement Violation
Attack information: Detected SRVSVC Vulnerability (MS06-040)
VPN-1 NGX R60 & VPN-1 NG with Application Intelligence R55W
How Can I Protect My Network?
1. Update your SmartDefense by clicking Online Update in the SmartDashboard General window.
2. In the SmartDefense tree, click Application Intelligence > MS-RPC > MS-RPC over CIFS and enable Block SRVSVC Vulnerability (MS06-040).
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: MS-RPC Enforcement Violation
Attack information: Detected SRVSVC Vulnerability (MS06-040)
VPN-1 NG with Application Intelligence R55
How Can I Protect My Network?
1. Update your SmartDefense by clicking Update Now in the SmartDashboard General window.
2. In the SmartDefense tree, click Application Intelligence > MS-RPC > MS-RPC over CIFS and enable Block SRVSVC Vulnerability (MS06-040).
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log rule 99454 indicating that an attempt to exploit SRVSVC Vulnerability (MS06-040) has been detected.
VPN-1 VSX NGX
How Can I Protect My Network?
1. Update SmartDefense by clicking Update Now in the SmartDashboard General window.
2. In the SmartDefense tree, click Application Intelligence > MS-RPC > MS-RPC over CIFS and enable Block SRVSVC Vulnerability (MS06-040).
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log rule 99454 indicating that an attempt to exploit SRVSVC Vulnerability (MS06-040) has been detected.
InterSpect NGX
How Can I Protect My Network?
1. Update your SmartDefense: In the left pane from the drop-down list, select Profiles > SmartDefense Service and click the Online Update button.
2. In the left pane, select Profiles > Default Protection and select the SmartDefense page of the profile.
3. In the SmartDefense tree, click Application Intelligence > MS-RPC > MS-RPC over CIFS and enable Block SRVSVC Vulnerability (MS06-040).
4. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: MS-RPC Enforcement Violation
Attack information: Detected SRVSVC Vulnerability (MS06-040)
InterSpect 2.0
How Can I Protect My Network?
1. Update SmartDefense by clicking Online Update in the SmartDashboard General window.
2. In the SmartDefense tree, click Application Intelligence > RPC > MS-RPC over CIFS and enable Block SRVSVC Vulnerability (MS06-040).
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: MS-RPC Enforcement Violation
Attack information: Detected SRVSVC Vulnerability (MS06-040)