It’s here.
Vulnerability Description
Microsoft Windows Server service (SRVSVS) provides RPC support, file print support and named pipe sharing over the network. Buffer overflow in the Server Service in multiple versions of Microsoft Windows allows remote attackers to execute arbitrary code via a crafted RPC message containing malformed parameters. The vulnerability is being actively exploited.
Vulnerability Details
The vulnerability can be triggered by supplying a crafted RPC request containing malformed parameters to some of the API functions offered by the Server service (port 139/TCP or 445/TCP). Successful exploitation could grant an attacker complete control of an affected system.
Protection Overview
Supplying malformed parameters to some of the API functions offered of the Server service (SRVSVC) might allow remote attackers to take complete control of a vulnerable system.
By enabling the protection, SmartDefense will block MS-RPC Server service (SRVSVC) requests that contain malformed parameters.
My Cisco rep is telling me that I don’t need this type of enforcement at the gateway level if I am using CSA. Well I am not using CSA, and it would be pretty hard for me to roll that out to several thousand users. I think my approach will be SmartDefense, and then patching the workstations as soon as I can.
Very nice site! Good work.