Check Point Reference: | CPAI-2004-162 |
Date Published: | 1 Dec 2009 |
Severity: | Critical |
Last Updated: | Tuesday 01 December, 2009 |
Source: | |
Industry Reference: | CVE-2004-0728 |
Protection Provided by: |
Security Gateway |
Who is Vulnerable? | |
Vulnerability Description | Microsoft's Systems Management Server (SMS) is a change and configuration management server for the Microsoft Windows platforms. One component of this system is a client utility that allows an administrator to obtain control over remote client computer. This remote assistance service is installed as a service on a client computer. The service listens for administrator connections on TCP port 2701 for general contact, reboot and ping, and on TCP port 2702 for remote control. There exists a vulnerability in the Microsoft Systems Management Server (SMS) Remote Control Service that allows an attacker to cause a denial of service condition. By using a specially crafted TCP packet, an attacker can bypass the input verification procedure and cause an invalid memory read or write. In the case of a successful attack, the service will shut down completely. This will effectively disable all functionality of the SMS. The client will be presented with an information pop-up window by the Windows operating system, alerting of this event. In the default setting of the service, the agent will have to be manually restarted to recover. The service can be optionally configured to automatically restart after a failure. |
This protection will detect and block attempts to exploit this vulnerability
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: Application Servers Protection Violation.
Attack Information: Microsoft SMS remote control service denial of service