Signature Detail

MS-RPC: DCE-RPC Remote "atsvc" Bind

This signature detects remote attempts to bind to the "atsvc" service, which provides the ability to remotely schedule process execution. Worms and other malicious programs can use this service to execute programs remotely. However, network administrators can also use this service legitimately inside a secured network to assist with remote administration.

Extended Description

A vulnerability exists in the Windows Task Scheduler's Mstask.exe process. This vulnerability allows an attacker to cause a denial of service.

References

• URL: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/taskschd/taskschd/about_the_task_scheduler.asp
• URL: http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0126.html