Joe Budzyn [log in to unmask]
301 Computer Center Ph: (517) 355-4500 x162
Michigan State University
East Lansing, MI 48824
---------- Forwarded message ----------
Date: Tue, 27 Aug 2002 10:01:53 -0400
From: Kevin Gennuso <[log in to unmask]>
Reply-To: Windows NTBugtraq Mailing List <[log in to unmask]>
To: [log in to unmask]
Subject: MS02-045 exploit is out

I haven't seen much noise on this list about MS02-045 (Unchecked Buffer in
Network Share Provider Can Lead to Denial of Service (Q326830)), but the
implications are very nasty. Any unpatched WinNT/2K/XP or .NET machine on
your network that's listening on port 139 and/or 445 can be crashed in
about two seconds with a malformed SMB packet. I highly disagreed with
Microsoft's assessment that this was only a "moderate" threat level to
intranet and desktop systems because the exploit is so easy to perform.

It was bad enough in theory, but now a script-tot friendly GUI version of
the exploit has been posted on PacketStorm, and it works against all of
the above. You can try for yourself at

We worked through the weekend to get a large percentage of our boxen
patched - you may have to do the same.

The old "WinNuke" from the evil days of Win95 is back.

Thanks for listening,