[Dshield] New critical Windows vulnerabilities

Bjorn Stromberg bjorn at thechemistrylab.com
Wed Oct 15 21:44:38 GMT 2003

----- Original Message ----- 
From: "warpmedia" <warpmedia at comcast.net>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Wednesday, October 15, 2003 2:54 PM
Subject: Re: [Dshield] New critical Windows vulnerabilities

> If it doesn't affect Trillian pro 2, then not me! =)
> This after they changed the protocol causing havoc with 3rd party clients?
> tsk tsk.

Windows Messenger is a service that allows Windows to pop up messages to
tell you things via the network, i.e. net send, popup spam, etc.

It has nothing to do with MSN Messenger.

Hopefully everyone is already pissed that they get Messenger Spam and have
netbios disabled, messenger disabled & ports blocked.

If I recall correctly... it was possible to get messenger traffic through
even if you blocked 135 - 139 because the data portion of the traffic was
accepted on some ports directly above 1024 (1025-1027 if memory serves). While
I'm not sure if this vulnerability is valid on ports other than 137-139, I
would assume any communication with Windows Messenger is vulnerable.

It's not good enough to leave the messenger service enabled, the NetBIOS
interface enabled and just block ports 135 - 139; you must disable the
service and disable NetBIOS.

Bjorn Stromberg
