Windows Workstation Service NetrWkstaUserEnum Denial of Service

Affected OS:
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional


h07 has discovered a weakness in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service).


The weakness is caused by an error in the Workstation service when handling NetrWkstaUserEnum RPC requests with a large value in the maxlen field.


Successful exploitation causes svchost.exe to consume a large amount of memory and may result in the system becoming temporarily unresponsive.


The weakness is confirmed on a fully patched Windows XP SP2 system and has also been reported in Windows 2000 SP4.


Solution: Filter NetrWkstaUserEnum RPC requests with a large maxlen value.


http://secunia.com/advisories/23487/
