MS06-040: Vulnerability in Server service could allow remote code execution

Neil Jackson

Hi,

I haven't posted to a newsgroup for a long, long time. I've searched high and
low and cannot see an answer to this one, but sorry if this has already been
asked before.

MS06-040: Vulnerability in Server service could allow remote code execution.

We have about 100 Windows 2000 Servers running Service Pack 4 for various
roles and about 1600 Windows 2000 Professional desktops. MS06-040 concerns
me and we have been advised by our peers to patch immediately to prevent
something terrible happening.

On the Technet at
http://www.microsoft.com/technet/security/bulletin/MS06-040.mspx it says:

Affected Software:

- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition

However, on the Microsoft Knowledge Base article at
http://support.microsoft.com/?kbid=921883, there is no specific mention of
Windows 2000 and all we have mentioned is:

APPLIES TO:
Microsoft Windows 2000 Service Pack 4, when used with:
Microsoft Small Business Server 2000 Standard Edition

We don't use Small Business Server 2000, so my question is: does MS06-040
apply to my Windows 2000 Servers and my Windows 2000 Professional Desktops,
all running SP4?

Secondly, if it does apply to Windows 2000 Server and Windows 2000
Professional, why aren't they mentioned on the knowledge base article?

Thanks in advance for clearing this up.

Cheers,

Neil.
System Support Engineer.
 
Dave Patrick

I'd call 1-866-PCSAFETY

MS product support on security related hotfixes is always free.

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

 
David H. Lipman

Make sure UDP/TCP ports 135 ~ 139 and 445 are blocked on the firewall.

Exploits are through 139 and 445. The IRC MOCBOT is actively exploiting this already.

"The 4828 dat files have been released early due to the IRC-Mocbot!MS06-040 threat.

The various 4828 dat file packages can be found at
http://www.mcafee.com/apps/downloads/security_updates/dat.asp

Best Regards,

McAfee Avert Labs - Come visit our Blog -
http://www.avertlabs.com/research/blog/ "

http://msmvps.com/blogs/harrywaldron/archive/2006/08/13/107522.aspx

Simply put, all Win2K platforms with SP4 (server and workstation OSes) are vulnerable.

Win2K SP4
http://www.microsoft.com/downloads/...3d-359f-4441-a448-24062cb2387c&displaylang=en

WinXP SP1 & SP2
http://www.microsoft.com/downloads/...b6-03ff-4636-861a-46b3eac7a305&displaylang=en

Win2003 Server and with SP1
http://www.microsoft.com/downloads/...39-6dea-4dfc-9dd6-4cb45b305dec&displaylang=en
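
An added example, not part of any post in this thread: a check that an ordered, first-match inbound ruleset really blocks TCP and UDP 135-139 and 445 as advised above, including the case where an earlier allow rule shadows the deny. The `Rule` format, both sample rulesets and the function names are constructed for illustration and do not correspond to any particular firewall product.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    """One inbound rule in a constructed, first-match rule format."""
    action: str  # "allow" or "deny"
    proto: str   # "tcp", "udp" or "any"
    lo: int      # first destination port, inclusive
    hi: int      # last destination port, inclusive

# Ports named in the post: 135 through 139 and 445, on both TCP and UDP.
REQUIRED = [(proto, port) for proto in ("tcp", "udp")
            for port in list(range(135, 140)) + [445]]

def decide(rules, proto, port, default):
    """Return (action, rule_index) for the first rule matching proto/port.
    rule_index is None when only the default policy applied."""
    for i, r in enumerate(rules):
        if r.proto in (proto, "any") and r.lo <= port <= r.hi:
            return r.action, i
    return default, None

def exposed(rules, default="deny"):
    """List (proto, port, rule_index) entries that are still allowed inbound."""
    found = []
    for proto, port in REQUIRED:
        action, idx = decide(rules, proto, port, default)
        if action == "allow":
            found.append((proto, port, idx))
    return found

# Constructed ruleset with two typical mistakes.
SAMPLE = [
    Rule("allow", "tcp", 80, 80),
    Rule("allow", "tcp", 130, 136),  # older broad allow, matched before the deny
    Rule("deny", "any", 135, 139),
    Rule("deny", "tcp", 445, 445),   # UDP 445 falls through to the default
]

# Corrected ruleset: explicit denies for every required port come first.
FIXED = [Rule("deny", "any", 135, 139), Rule("deny", "any", 445, 445)] + SAMPLE

if __name__ == "__main__":
    for proto, port, idx in exposed(SAMPLE, default="allow"):
        source = "default policy" if idx is None else f"rule {idx}"
        print(f"{proto}/{port} still allowed by {source}")
    print("fixed ruleset gaps:", exposed(FIXED, default="allow"))
```
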
 
