Information About Public Postings Related to MS06-035



Hey everyone, this is Adrian Stone from the MSRC and I wanted to take a moment to clarify some recent reports about a vulnerability that was not addressed in this month’s MS06-035 security update. As soon as we heard about the posting, we initiated our Software Security Incident Response Process to investigate. We now have a good understanding of the issue and we are conducting a thorough investigation into this area of code to make sure we can deliver a security update that is complete and meets our quality bar. Here’s what we’ve found so far:


* While this appears to have been found after the release of MS06-035, this does not affect the same code path or functionality or vulnerability that was addressed by the update.


* Unlike some of the current speculation that we have observed, the current PoC is limited to a denial of service that would cause the target host to blue screen. At this time we have not identified any possibilities with this issue that could allow remote code execution.


* We have not observed or received any reports of the PoC being used to actively attack systems.


Some reports have said that the workarounds we detailed in MS06-035 would apply to this issue, and those reports are accurate. Specifically, the workarounds are blocking unsolicited inbound traffic and blocking ports 135-139 and 445 from untrusted networks.


We in the MSRC are working in conjunction with our hard-working partners looking at the issue to determine next steps. We will continue to monitor the situation and if need be we will update the Blog with any breaking news right here.


I hope this clears things up with some of the details regarding the PoC posting and its relation to MS06-035.


If you think you are being attacked or impacted by the DoS we definitely want to encourage you to contact Product Support Services. You can contact Product Support Services in North America for help with security update issues or viruses at no charge using the PC Safety line (1866-PCSAFETY) and international customers by using any method found at this location: http://support.microsoft.com/security.


Thanks,


-Adrian


*This posting is provided “AS IS” with no warranties, and confers no rights.*
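
As a check to go with the workaround in the post above (blocking ports 135-139 and 445 from untrusted networks), the following added example, which is not from the original post or from Microsoft, lists the listeners on those ports that are bound to a non-loopback address and therefore depend on the firewall for protection. It assumes the text format of Windows `netstat -an` output; the sample input and the function names are constructed for illustration.

```python
import ipaddress

# Ports named in the workaround: 135-139 and 445.
WORKAROUND_PORTS = set(range(135, 140)) | {445}

# Constructed sample in the shape of `netstat -an` output (documentation addresses).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:445          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:49200       198.51.100.7:445       ESTABLISHED
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  UDP    192.0.2.10:137         *:*
  UDP    192.0.2.10:138         *:*
  TCP    [::]:445               [::]:0                 LISTENING
"""


def is_loopback(addr):
    """True only for addresses that are reachable from the local host alone."""
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and scope id
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # wildcard or unparsable: treat as exposed


def exposed_listeners(netstat_text):
    """Return (proto, address, port) for non-loopback listeners on the workaround ports."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or unrelated line
        proto, local = fields[0], fields[1]
        # TCP rows count only when listening; UDP rows have no state column.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        addr, _, port = local.rpartition(":")
        if not port.isdigit() or int(port) not in WORKAROUND_PORTS:
            continue
        if not is_loopback(addr):
            findings.append((proto, addr, int(port)))
    return findings


if __name__ == "__main__":
    for proto, addr, port in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {addr}:{port} relies on firewall filtering")
```

A listener reported here is not necessarily reachable from an untrusted network; it identifies the sockets for which the inbound block is the only barrier.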


Comments (14)

  1. Anonymous says:

      More info on the new SMB based vulnerability and exploit which could create blue screen crashes…

  3. Anonymous says:

    Hey everyone, this is Adrian Stone from the MSRC and I wanted to take a moment to clarify some recent…

  4. Anonymous says:

    MSRC Blog Entry about POC of MS06-035

    Published: 2006-07-28, Last Updated: 2006-07-28 23:05:44 UTC…

  5. Anonymous says:

    Hey everyone – Adrian Stone here again, stepping in for Craig Gehre to provide a quick overview of the…

  6. Anonymous says:

    The Microsoft Security Response Center provided additional information regarding Security Bulletin MS06-040…

  7. Anonymous says:

    An excerpt from the MSRC blog…

    Also – an additional point of clarification - it's important…

  8. Anonymous says:

    Hot on the heels of the MS06-040 worm, we have more bad news for Microsoft users. An email came out on Bugtraq yesterday that addresses a MS06-035 exploit which seems to be crashing machines, even after the patch is applied:…
