
Update Protection Against Microsoft Windows Web Client Service Vulnerability (MS06-008)


Check Point Reference: CPAI-2006-018
Date Published:
Severity:
Last Updated:
Source: Microsoft Security Bulletin MS06-008
Industry Reference(s): CVE-2006-0013
Protection Provided by: VPN-1
  • NGX R60
  • NG with Application Intelligence R55W
  • NG with Application Intelligence R55
InterSpect
  • NGX
  • 2.0 and 1.x
Who is Vulnerable?
Microsoft Windows XP SP1 and SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Vulnerability Description
Several versions of the Microsoft Windows operating system ship with a WebDAV service, which Microsoft calls the Web Client service. The Web Client service allows applications to access documents on the Internet by using the WebDAV protocol. A vulnerability was detected in the Web Client service. A remote authenticated attacker could exploit this vulnerability by crafting an RPC call to the affected service. To exploit the vulnerability, an attacker would first have to authenticate to the system. Successful exploitation grants the attacker complete control of the affected system.
Vulnerability Status
No exploit has been released so far.
Update/Patch Available
Microsoft has released a patch for this vulnerability. The patch is available at http://www.microsoft.com/technet/security/Bulletin/MS06-008.mspx.
Vulnerability Details
The vulnerability is caused by an unchecked buffer in the Web Client service. To exploit the vulnerability, an attacker must have valid logon credentials and the target client must have the Web Client service running. To trigger the vulnerability, an attacker connects to the service remotely using WebDAV RPC and provides the user credentials. The attacker then sends a maliciously crafted RPC WebDAV request. The service is exploited upon processing the malicious request.

Protection Overview
The update blocks the WebDAV MS-RPC interface over the Common Internet File System (CIFS) protocol.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
Also included with the update:

  • Protection Against WMF Image Parsing Vulnerability (CPAI-2006-004) - CPAI-2006-020

VPN-1 NGX R60 & VPN-1 NG with Application Intelligence R55W

How Can I Protect My Network?
1. Update your SmartDefense by clicking Online Update in the SmartDashboard General window.
2. On the SmartDefense tree, click Application Intelligence > MS-RPC > MS-RPC over CIFS and enable Block Web Client Vulnerability (MS06-008).
3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: MS-RPC over CIFS Enforcement Violation
Attack information: MS-RPC over CIFS - Detected Microsoft Web Client Vulnerability (MS06-008)

InterSpect NGX

How Can I Protect My Network?
1. Update your SmartDefense: In the left pane from the drop-down list, select Profiles > SmartDefense Service and click the Online Update button.
2. In the left pane, select Profiles > Default Protection and select the SmartDefense page of the profile.
3. In the SmartDefense tree, click Application Intelligence > MS-RPC > MS-RPC over CIFS and enable Block Web Client Vulnerability (MS06-008).
4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: MS-RPC over CIFS Enforcement Violation
Attack information: MS-RPC over CIFS - Detected Microsoft Web Client Vulnerability (MS06-008)

VPN-1 NG with Application Intelligence R55

How Can I Protect My Network?
1. Update your SmartDefense by clicking Update Now in the SmartDashboard General window.
2. On the SmartDefense tree, click Application Intelligence > MS-RPC > MS-RPC over CIFS and enable Block Web Client Vulnerability (MS06-008). 
3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log rule 99452 indicating that an attempt to exploit Microsoft Windows Web Client Vulnerability (MS06-008) has been blocked.

InterSpect 2.0/1.x

How Can I Protect My Network?
1. Update your SmartDefense by clicking Online Update in the SmartDashboard General window.
2. On the SmartDefense tree, click Application Intelligence > RPC > MS-RPC over CIFS and enable Block Web Client Vulnerability (MS06-008).
3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: MS-RPC over CIFS Enforcement Violation
Attack information: MS-RPC over CIFS - Detected Microsoft Web Client Vulnerability (MS06-008)
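
Log triage for the "How Do I Know if My Network is Under Attack?" sections above, as an added example that is not part of the original advisory or Check Point tooling. It matches both forms the advisory describes (the attack name plus attack information, and rule 99452 on VPN-1 NG with Application Intelligence R55) in a delimited log export; the column names, the `;` delimiter and the sample rows are constructed assumptions.

```python
import csv
import io

# Strings and rule number as given in the advisory's log descriptions.
ATTACK_NAME = "MS-RPC over CIFS Enforcement Violation"
INFO_MARKER = "Detected Microsoft Web Client Vulnerability (MS06-008)"
R55_RULE = "99452"  # VPN-1 NG AI R55 logs this rule number instead

# Constructed sample export. The ';' delimiter and the column names are
# assumptions; adjust them to match your own log export.
SAMPLE = """time;src;dst;rule;attack;attack_info
2006-02-15 09:12:01;10.1.4.22;10.1.9.5;12;MS-RPC over CIFS Enforcement Violation;MS-RPC over CIFS - Detected Microsoft Web Client Vulnerability (MS06-008)
2006-02-15 09:12:07;10.1.4.22;10.1.9.5;12;MS-RPC over CIFS Enforcement Violation;MS-RPC over CIFS - Detected Microsoft Web Client Vulnerability (MS06-008)
2006-02-15 09:30:44;10.1.4.30;10.1.9.5;12;MS-RPC over CIFS Enforcement Violation;MS-RPC over CIFS - constructed unrelated violation
2006-02-15 10:02:13;10.2.0.8;10.1.9.7;99452;;
2006-02-15 10:05:00;10.2.0.9;10.1.9.7;3;;
"""


def is_ms06_008(row):
    """True if a log row matches either form of the MS06-008 block event."""
    name = (row.get("attack") or "").strip().casefold()
    info = (row.get("attack_info") or "").casefold()
    # Require the attack information too: the attack name alone does not
    # mention MS06-008.
    if name == ATTACK_NAME.casefold() and INFO_MARKER.casefold() in info:
        return True
    # R55 gateways report only the rule number, so check it separately.
    return (row.get("rule") or "").strip() == R55_RULE


def summarize(text, delimiter=";"):
    """Group matching events by (source, destination) for triage."""
    hits = {}
    for row in csv.DictReader(io.StringIO(text), delimiter=delimiter):
        if not is_ms06_008(row):
            continue
        entry = hits.setdefault(
            (row["src"], row["dst"]),
            {"count": 0, "first": row["time"], "last": row["time"]})
        entry["count"] += 1
        entry["first"] = min(entry["first"], row["time"])
        entry["last"] = max(entry["last"], row["time"])
    return hits


if __name__ == "__main__":
    for (src, dst), e in sorted(summarize(SAMPLE).items()):
        print(f"{src} -> {dst}: {e['count']} event(s), {e['first']} .. {e['last']}")
```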