ISS Coverage |
| Product |
Content Version |
Proventia Network IDS
Proventia Network IPS
Proventia Network MFS
Proventia Server (Linux)
RealSecure Network
RealSecure Server Sensor |
28.160 |
Proventia Desktop
Proventia Server IPS (Windows) |
2300 |
|
| Propagation Techniques |
ISS Protection |
Available |
|
remote exploit
malware (Gimmiv) |
MSRPC_Srvsvc_Bo
MSRPC_Srvsvc_Path_Bo
IPS signatures above and...
Mal/Generic-A (Sophos)
Troj/Gimmiv-A (Sophos)
Troj/Gimmiv-B (Sophos)
Win32.Worm.Gimmiv.A (BitDefender) |
Aug 8, 2006
Oct 27, 2008
Jan 29, 2008
Oct 23, 2008
Oct 27, 2008
Oct 23, 2008
| * Pre-emptive coverage for this issue was provided by MSRPC_Srvsvc_Bo (released Aug. 2006). MSRPC_Srvsvc_Path_Bo will identify attacks against this new vulnerability versus older vulnerabilities covered by the pre-emptive signature, MSRPC_Srvsvc_Bo.
|
|
|
Detailed Description |
| Business Impact: |
Compromise of networks and machines using affected versions of Microsoft Server Service may lead to exposure of confidential information, loss of productivity, and further network compromise. An attacker does not need to entice any kind of user interaction to trigger this vulnerability. For Windows Vista and Windows Server 2008 the attacker must be an authenticated user with access to the target network in order to exploit this vulnerability. |
| CVSS |
Base Score: |
10 |
| |
Access Vector: |
Network |
| Access Complexity: |
Low |
| Authentication: |
None |
| Confidentiality Impact: |
Complete |
| Integrity Impact: |
Complete |
| Availability Impact: |
Complete |
|
|
| Adjusted Temporal Score: |
8.7 |
| |
Exploitability: |
High |
| Remediation Level: |
Official-Fix |
| Report Confidence: |
Confirmed |
| Affected Products: |
For a full list of affected versions, see references below. |
| Technical Description: |
Microsoft Windows Server Service could allow a remote attacker to execute arbitrary code on the system, caused by a vulnerability in the Remote Procedure Call (RPC) service. By sending specially-crafted RPC requests to a vulnerable system, a remote attacker could exploit this vulnerability to execute arbitrary code and gain complete control over the affected system.
In the initial days after vulnerability disclosure, public exploitation was fairly low. Over the weekend (Nov. 22), the number of sources and attacks surpassed the 1k mark. On Mon. (Nov. 24), the number of attacks started growing exponentially, passing the 10k mark by midday on Nov. 25.
|
| Remediation: |
Patches are available for this issue. See References for details. |
|
References |
|
|
Revision History |
| 1.0 |
Initial publication. |
| 1.1 |
Updated coverage information and CVSS. |
| 1.2 |
Updated CVSS exploitability from PoC to High. |
| 1.3 |
Added substantial increase in attack activity. |
|
|
About IBM Internet Security Systems
IBM Internet Security Systems is the trusted security advisor to thousands of the world's leading businesses and governments, providing pre-emptive protection for networks, desktops and servers. An established leader in security since 1994, the IBM Proventia® integrated security platform is designed to automatically protect against both known and unknown threats, helping to keep networks up and running and shielding customers from online attacks before they impact business assets. IBM Internet Security Systems products and services are based on the proactive security intelligence of its X-Force® research and development team – the unequivocal world authority in vulnerability and threat research. The Internet Security Systems product line is also complemented by comprehensive Managed Security Services and Professional Security Services. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362.
|
