
SANS ISC: MS06-040 exploit(s) publicly available SANS ISC InfoSec Forums

MS06-040 exploit(s) publicly available
As almost everyone predicted, it didn't take long for an exploit for MS06-040 (a vulnerability in the Server service) to become publicly available.

The current exploit seems to be working on all Windows 2000 systems and Windows XP SP0 and SP1. The good thing is that it doesn't work against Windows XP SP2 or Windows 2003 SP1.
The current version doesn't work against Windows 2003 SP0 or NT4 SP6 either, but this doesn't mean that they are safe.

This is probably a good opportunity to remind you of the host-based firewall in SP2, which should, by default, protect the machine from this exploit. Of course, as it effectively stops administration, it's pretty common for administrators in organizations to turn the firewall off via GPOs. If you need to do this, try to limit access to the machine: instead of completely turning off the firewall (or opening it to your whole network), it's much better to allow traffic only from your administration servers.
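One way to check that advice against a policy, as an added example that is not part of the original diary: the script below audits Windows Firewall port exceptions written in the Group Policy `port:transport:scope:status:name` syntax and reports any enabled exception for TCP 139 or 445 (the ports through which the Server service is reached) whose scope admits more than the administration servers. The administration server addresses and the sample entries are constructed assumptions.

```python
import ipaddress

# Assumption: the only hosts that should reach the Server service (constructed).
ADMIN_HOSTS = [ipaddress.ip_network("10.0.5.10/32"),
               ipaddress.ip_network("10.0.5.11/32")]
SMB_PORTS = {("139", "TCP"), ("445", "TCP")}  # ports exposing the Server service

# Constructed sample of "Define port exceptions" policy entries.
SAMPLE = [
    "445:TCP:*:Enabled:SMB over TCP",
    "139:TCP:10.0.5.10,10.0.5.11:Enabled:NetBIOS Session Service",
    "445:TCP:10.0.0.0/255.255.0.0,10.0.5.10:Enabled:SMB wide",
    "3389:TCP:*:Enabled:Remote Desktop",
    "139:TCP:LocalSubnet:Disabled:old rule",
]

def parse_exception(entry):
    """Split 'port:transport:scope:status:name' into a dict."""
    port, transport, scope, status, name = entry.split(":", 4)
    return {"port": port, "transport": transport.upper(),
            "scope": [s.strip() for s in scope.split(",")],
            "enabled": status.lower() == "enabled", "name": name}

def scope_findings(scope, allowed=ADMIN_HOSTS):
    """Return the scope items that admit hosts outside the allowed set."""
    too_wide = []
    for item in scope:
        if item == "*" or item.lower() == "localsubnet":
            too_wide.append(item)   # any host, or the whole local subnet
            continue
        try:
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:
            too_wide.append(item)   # unparseable scope item: report it
            continue
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            too_wide.append(item)
    return too_wide

def audit(entries):
    """Return (name, offending scope items) for each enabled SMB exception."""
    results = []
    for entry in entries:
        rule = parse_exception(entry)
        if rule["enabled"] and (rule["port"], rule["transport"]) in SMB_PORTS:
            bad = scope_findings(rule["scope"])
            if bad:
                results.append((rule["name"], bad))
    return results
```
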

In any case, as the exploit is public, it's just a matter of time before script kiddies start using this (if they haven't already). We can expect that this exploit will soon be added to the attack arsenal of bots such as Sdbot and similar. In other words: patch!


ISC Handler
Aug 10th 2006
