Intrusion Prevention

MS.Windows.SVCCTL.Service.SMB.Access

Description

This indicates a possible attempt to exploit an information disclosure vulnerability in some versions of Microsoft Windows.
The vulnerability can be exploited by using hardcoded named pipes which allow for NULL sessions using the svcctl interface. As a result a remote attacker can list installed or running services on an affected computer.

Affected Products

Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Server SP4

Impact

System compromise.
Information disclosure.

Recommended Actions

Microsoft has released patches to fix this issue. Please visit the Windows Update Center to download the patches specific to your platform.

CVE References

CVE-2005-2150