Friday, August 11, 2006

MS06-040 Pops Up Again - "Microsoft Security Advisory 922437"

The importance of installing MS06-40 cannot be stressed strongly enough. If you are having problems with the update, Microsoft has a toll-free number available. It is available 24 hours a day for the U.S. and Canada. Call: 1-866-PCSAFETY (1-866-727-2338)

For support outside the United States and Canada, please contact your Microsoft Help and Support worldwide. Go to
Microsoft Security Home and choose your region from the box in the upper right corner.

There are steps you can take in the meantime if unable to get the update. First and foremost, have a firewall on your PC. Next, block TCP ports 139 and 445, inbound and outbound. (Microsoft has additional information on TCP/IP filtering here.) To test your firewall, go to and run Shields UP!

For complete information, see Microsoft
Security Advisory 922437, "Exploit Code Published Affecting the Server Service", Published 11August2006:
Microsoft is aware that detailed exploit code has been published on the Internet for the vulnerability that is addressed by Microsoft security bulletin MS06-040. Microsoft has verified the published exploit code to work on Windows 2000 and Windows XP Service Pack 1 only; this code does not affect Windows XP Service Pack 2, Windows Server 2003, or Windows Server 2003 Service Pack 1. At this time our investigation of this exploit code has verified that it does not affect customers who have installed the update detailed in MS06-040.


Customers who believe they have been attacked should contact their local FBI office or report their situation to Customers outside the U.S. should contact the national law enforcement agency in their country

Mitigating Factors:

Customers who have installed the MS06-040 security update are not affected by this vulnerability.

While installation of the update is the recommended action, customers who have applied the mitigations as identified in MS06-040 will have minimized their exposure and potential exploitability against an attack.

No comments: