Windows Workstation Service NetrWkstaUserEnum Denial of Service

Affected OS:
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

h07 has discovered a weakness in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service).

The weakness is caused by an error in the Workstation service when handling NetrWkstaUserEnum RPC requests with a large value in the maxlen field.

Successful exploitation causes svchost.exe to consume a large amount of memory and may result in the system becoming temporarily unresponsive.

The weakness is confirmed on a fully patched Windows XP SP2 system and has also been reported in Windows 2000 SP4.

Solution: Filter NetrWkstaUserEnum RPC requests with a large maxlen value.
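
The check an RPC-aware filter would apply for the solution above, as an added example (not code from the advisory or from Microsoft). It assumes NetrWkstaUserEnum is opnum 2 of the wkssvc interface and that the advisory's maxlen is the PreferredMaximumLength parameter (per MS-WKST), it handles little-endian requests whose UserInfo container carries no input array, and the 64 KiB limit is an assumed policy value because the advisory gives no threshold.

```python
import struct

WKSSVC_OPNUM_NETRWKSTAUSERENUM = 2   # assumed from MS-WKST, not stated in the advisory
MAXLEN_LIMIT = 64 * 1024             # assumed site policy; the advisory gives no number


def _u32(buf, off):
    """Read one little-endian 32-bit value, refusing to run past the buffer."""
    if off + 4 > len(buf):
        raise ValueError("truncated stub")
    return struct.unpack_from("<I", buf, off)[0], off + 4


def netr_wksta_user_enum_maxlen(stub):
    """Return the maxlen field from a little-endian NDR request stub."""
    ref, off = _u32(stub, 0)                   # ServerName: unique pointer
    if ref:                                    # conformant varying wide string follows
        _max_count, off = _u32(stub, off)
        _offset, off = _u32(stub, off)
        actual, off = _u32(stub, off)
        off = (off + actual * 2 + 3) & ~3      # skip UTF-16 data, realign to 4 bytes
    level, off = _u32(stub, off)               # UserInfo.Level
    tag, off = _u32(stub, off)                 # union discriminant, must match Level
    if level != tag or level not in (0, 1):
        raise ValueError("malformed UserInfo")
    container, off = _u32(stub, off)           # pointer to the level container
    if container:
        _entries, off = _u32(stub, off)
        buffer_ptr, off = _u32(stub, off)
        if buffer_ptr:
            raise ValueError("request carries an input array; not handled here")
    maxlen, off = _u32(stub, off)              # the field the advisory calls maxlen
    return maxlen


def should_drop(opnum, stub, limit=MAXLEN_LIMIT):
    """True when the call is NetrWkstaUserEnum and maxlen exceeds the limit."""
    if opnum != WKSSVC_OPNUM_NETRWKSTAUSERENUM:
        return False
    try:
        return netr_wksta_user_enum_maxlen(stub) > limit
    except ValueError:
        return True                            # fail closed on stubs that do not parse


# Constructed sample: null ServerName, level 0, empty container, maxlen 4096, no resume handle.
SAMPLE_STUB = struct.pack("<IIIIIIII", 0, 0, 0, 1, 0, 0, 4096, 0)
```

The stub passed in is the request body after the DCE/RPC header; reassembling fragmented requests is left to the inspection point.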

