DoS vulnerability in Windows
A publicly available exploit demonstrates a vulnerability in Windows that could be used by a malicious user to crash Windows computers on the local network. No update is yet available.
The bug occurs in the workstation service RPC function NetrWkstaUserEnum() if the function is called with too large a value in the MaxLen field. This causes svchost.exe to use all available memory and as a result, the service or computer hangs. The author of the exploit has tested the vulnerability on the Polish versions of Windows 2000 with service pack 4 and Windows XP SP2.
Microsoft has not yet issued a response to the exploit. A workaround is available by blocking ports 139 and 445 in the firewall, but this will disable sharing on the network. The affected ports are usually shielded from the internet.
- Demo exploit on milw0rm.org
(trk)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
