MS08-0 6 7 vulnerability trigger conditions-vulnerability warning-the black bar safety net

ID MYHACK58:62200820874
Type myhack58
Reporter 佚名
Modified 2008-10-30T00:00:00


Usually in the overflow after the success of the target host listening port for 4 4 4 4, which corresponds to the PID of 8 4 0(random). Without a doubt it should, and a system corresponding to the service, enter tasklist /svc 后 发现 其 对于 的 进程 是 svchost.exe the. The processes in the system have more than one, but the PID is 8 4 0. This svchost. exe process is a host process, which contains such as lanmanserver, lanmanworkstation, Netman, etc. a plurality of system services.

That in the end is which system service to trigger the vulnerability? Test, when a Computer Browser, Server, Workstation, these three system services in any one service is closed, with MS08067. exe overflow test fails

Through the above test, the visible is the three system service caused the MS08-0 6 7 vulnerability, which Microsoft vulnerabilities description“Server service handles RPC requests process in the presence of a serious vulnerability”coincide. Then these three services are doing, between each other have what relationship? server is a Windows System an important service, and its main role is to“support this computer via a Network File, Print, and named it”. And

Computer Browser service's role is to“maintain the network of computers on the update list, and will provide a list of the computer specified browse”the server's dependencies. In addition, the Workstation service's role is“to create and maintain to a remote service, the client network connection”with the Computer Browser is dependencies. The above analysis for our prevention MS08-0 6 7 vulnerability provides a ideas.

Vulnerability prevention

(1), the most thorough of measures, through a third-party tool to download the KB958644 patch hit on the vulnerability patch.

(2), If a user of Microsoft's patches there is wariness can take alternative measures, the Computer Browser, Server, Workstation, these three system services off, after all three services in most cases is less than.