Signature Detail
Short Name |
MS-RPC:INV:SRV-SVC |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
MS-RPC |
Keywords |
Microsoft Windows Invalid Server Service |
Release Date |
2010/04/22 |
Update Number |
1663 |
Supported Platforms |
idp-4.1.110110609+, isg-3.5.141421+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
MS-RPC: Microsoft Windows Invalid Server Service
This signature detects attempts to exploit a known vulnerability against Microsoft Windows Server Service RPC Interface. A successful attack can lead to arbitrary code execution.
Extended Description
Microsoft Windows Server Service is prone to a remote buffer-overflow vulnerability. This vulnerability arises when the service processes a malicious message in RPC communications. A successful attack may result in arbitrary code execution with SYSTEM privileges leading to a full compromise. Attack attempts may result in denial-of-service conditions as well. Microsoft has reported that this issue is being exploited in the wild. Update (August 14, 2006): A worm named 'W32.Wargbot' that exploits this issue to spread is currently in the wild.
Affected Products
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP3
- Microsoft Windows 2000 Advanced Server SP4
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP3
- Microsoft Windows 2000 Datacenter Server SP4
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP4
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP3
- Microsoft Windows 2000 Server SP4
- Microsoft Windows 2000 Server
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows Server 2003 Datacenter Edition SP1
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows Server 2003 Datacenter Edition Itanium SP1
- Microsoft Windows Server 2003 Datacenter Edition Itanium
- Microsoft Windows Server 2003 Datacenter x64 Edition
- Microsoft Windows Server 2003 Enterprise Edition SP1
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
- Microsoft Windows Server 2003 Enterprise Edition Itanium
- Microsoft Windows Server 2003 Enterprise x64 Edition
- Microsoft Windows Server 2003 Standard Edition SP1
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Standard x64 Edition
- Microsoft Windows Server 2003 Web Edition SP1
- Microsoft Windows Server 2003 Web Edition
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home SP2
- Microsoft Windows XP Home
- Microsoft Windows XP Media Center Edition SP1
- Microsoft Windows XP Media Center Edition SP2
- Microsoft Windows XP Media Center Edition
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional SP2
- Microsoft Windows XP Professional
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows XP Tablet PC Edition SP1
- Microsoft Windows XP Tablet PC Edition SP2
- Microsoft Windows XP Tablet PC Edition
References
- BugTraq: 19409
- CVE: CVE-2006-3439
- URL: http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx