|Check Point Reference:||CPAI-2007-050|
|Date Published:||30 Mar 2007|
|Last Updated:||29 Apr 2015|
|Protection Provided by:||
|Who is Vulnerable?|
|Vulnerability Description||Microsoft Windows workstation service routes local file system requests and remote file or print network requests via Remote Procedure Call (RPC). A denial of service vulnerability has been reported in the Microsoft Windows Workstation service. A remote attacker can exploit this issue by specially crafting a malicious RPC request and sending it to an affected system. Successful exploitation may create a temporary denial of service condition on the target host.|
This protection will detect and block malformed RPC requests.The detect mode makes it possible to track unauthorized traffic without blocking it.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: MS-RPC over CIFS Enforcement Violation.
Attack Information: Microsoft Windows Workstation Service NetrWkstaUserEnum denial of service