Microsoft Windows Server Service Remote Code Execution Vulnerability (MS06-040)

Technical Description



A vulnerability has been identified in Microsoft Windows, which couldbe exploited by remote attackers to take complete control of anaffected system. This flaw is due to a buffer overflow error in theServer service that does not properly handle malformed requets, whichcould be exploited by remote attackers to execute arbitrary commands bysending specially crafted packets to a vulnerable system.



Affected Products



Microsoft Windows 2000 Service Pack 4

Microsoft Windows XP Service Pack 1

Microsoft Windows XP Service Pack 2

Microsoft Windows XP Professional x64 Edition

Microsoft Windows Server 2003

Microsoft Windows Server 2003 Service Pack 1

Microsoft Windows Server 2003 (Itanium)

Microsoft Windows Server 2003 SP1 (Itanium)

Microsoft Windows Server 2003 x64 Edition



Solution



Apply patches :

http://www.microsoft.com/technet/security/Bulletin/MS06-040.mspx