Microsoft Security Advisory (911052)
Memory Allocation Denial of Service Via RPC
Published: | Updated:
Microsoft is aware of public reports of proof-of-concept code that seeks to exploit a possible vulnerability in Microsoft Windows 2000 Service Pack 4 and in Microsoft Windows XP Service Pack 1. This vulnerability could allow an attacker to perform a denial of service attack of limited duration.
On Windows 2000 Service Pack 4, an attacker could potentially exploit this vulnerability anonymously. On Windows XP Service Pack 1, an attacker must have valid logon credentials to try to exploit this vulnerability. The vulnerability could not be exploited remotely by anonymous users. However, the affected component is available remotely to users who have standard user accounts. Customers who have installed Windows XP Service Pack 2 are not affected by this vulnerability. Additionally, customers running Windows Server 2003 and Windows Server 2003 Service Pack 1 are not affected by this vulnerability.
Microsoft is not aware of active attacks that use this vulnerability or of customer impact at this time. However, Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.
Microsoft is concerned that this new report of a vulnerability in Windows 2000 Service Pack 4 and Windows XP Service Pack 1 was not disclosed responsibly, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.
While this vulnerability was discovered by a security researcher while investigating the vulnerability addressed by Security Bulletin MS05-047, this is a completely separate vulnerability and is not related to the vulnerability discussed in MS05-047. We do continue to encourage customers to apply the MS05-047 update and all recent security updates released by Microsoft.
We continue to encourage customers to follow our Protect Your PC guidance of enabling a firewall, getting software updates, and installing antivirus software Customers can learn more about these steps by visiting Protect Your PC Web site.
- On Windows XP Service Pack 1 an attacker must have valid logon credentials to try to exploit this vulnerability. The vulnerability could not be exploited remotely by anonymous users. However, the affected component is available remotely to users who have standard user accounts. In certain configurations, anonymous users could authenticate as the Guest account. For more information, see Microsoft Security Advisory 906574.
- Customers who are running Windows XP Service Pack 2, Windows Server 2003 and Windows Server 2003 Service Pack 1 are not affected by this vulnerability.
- Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
- You can provide feedback by completing the form by visiting the following Web site.
- Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services. For more information about available support options, see the Microsoft Help and Support Web site.
- International customers can receive support from their local Microsoft subsidiaries. For more information about how to contact Microsoft for international support issues, visit the International Support Web site.
- The Microsoft TechNet Security Web site provides additional information about security in Microsoft products.
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
- November 16, 2005: Advisory published
- November 18, 2005: Advisory updated to reference a CVE and to clarify that this issue is anonymously exploitable on Windows 2000 Service Pack 4.