Virus

W32/DCERPC!exploit.MS08067

Analysis


This indicates an attempt to exploit a buffer-overflow vulnerability in the Microsoft Windows Server service (svchost.exe). An attacker who successfully exploits this vulnerability can execute arbitrary code on the affected system.
The Windows Server service exposes some vulnerable functions through SMB/RPC. By default, these functions can be accessed without authentication on Windows 2000, Windows XP and Windows Server 2003. On Windows Vista and Windows Server 2008, authentication is required by default.

Recommended Action

    FortiGate Systems
  • In the web interface for your FortiGate unit, check the main screen to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.
    Patch
  • Download and install the patch for the Server Service Vulnerability: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx.