Intrusion Prevention

MS.Windows.RRAS.DoS

Description

This indicates an attempt to exploit a denial of service vulnerability in the RRAS service of Microsoft Windows.
The vulnerability is a result of a NULL pointer dereference error in the Routing and Remote Access Service (RRAS), which occurs when processing specially crafted requests. A remote attacker can exploit this to crash a vulnerable system, creating a denial of service condition.

Affected Products

Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 (Itanium)
Microsoft Windows Server 2003 SP1 (Itanium)
Microsoft Windows Server 2003 x64 Edition

Impact

Denial of Service.

Recommended Actions

Restrict access to UDP ports 135, 137, 138, and 445, and TCP ports 135, 139, 445, and 593.