Usually in the overflow after the success of the target host listening port for 4 4 4 4, which corresponds to the PID of 8 4 0(random). Without a doubt it should, and a system corresponding to the service, enter tasklist /svc 后 发现 其 对于 的 进程 是 svchost.exe the. The processes in the system have more than one, but the PID is 8 4 0. This svchost. exe process is a host process, which contains such as lanmanserver, lanmanworkstation, Netman, etc. a plurality of system services.
That in the end is which system service to trigger the vulnerability? Test, when a Computer Browser, Server, Workstation, these three system services in any one service is closed, with MS08067. exe overflow test fails
Through the above test, the visible is the three system service caused the MS08-0 6 7 vulnerability, which Microsoft vulnerabilities description“Server service handles RPC requests process in the presence of a serious vulnerability”coincide. Then these three services are doing, between each other have what relationship? server is a Windows System an important service, and its main role is to“support this computer via a Network File, Print, and named it”. And
Computer Browser service's role is to“maintain the network of computers on the update list, and will provide a list of the computer specified browse”the server's dependencies. In addition, the Workstation service's role is“to create and maintain to a remote service, the client network connection”with the Computer Browser is dependencies. The above analysis for our prevention MS08-0 6 7 vulnerability provides a ideas.
(1), the most thorough of measures, through a third-party tool to download the KB958644 patch hit on the vulnerability patch.
(2), If a user of Microsoft's patches there is wariness can take alternative measures, the Computer Browser, Server, Workstation, these three system services off, after all three services in most cases is less than.