Advisory ID : FrSIRT/ADV-2006-3037
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-07-28
Technical Description: A vulnerability has been identified in Microsoft Windows, which could be exploited by remote attackers to cause a denial of service. This flaw is due to NULL pointer dereference error in the server driver (srv.sys) when handling specially crafted SMB (Server Message Block) packets, which could be exploited by a remote unauthenticated attackers to cause a vulnerable system to crash or display a blue screen, creating a denial of service condition.
Note : A fully functional exploit has been published.
Solution: Restrict access to ports 135, 139 and 445.
A new SMB based vulnerability and exploit have been just developed which could create blue screen crashes for 2000, 2003, and XP. We should monitor this new risk for further developments. AV protection plus PC Firewall controls blocking the 3 key ports below will also help protect users.
MSRC Blog entry
Windows Unpatched SMB DoS Vulnerability and Exploit