W32/DCERPC!exploit.MS08067

description-logoAnalysis


This indicates an attack attempt to exploit a buffer-overflow vulnerability in the Microsoft Windows Server Service (svchost.exe). An attacker who successfully exploited this vulnerability can execute arbitrary code in the affected system.
The Windows Server service exposes some vulnerable functions through SMB/RPC. These functions can be accessed without authentication by default on Windows 2000, XP and Windows server 2003. Authentication is required on Windows Vista and Windows Server 2008 by default.

References

The following links provide more information on this vulnerability:

recommended-action-logoRecommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.
    Patch
  • Download and install the patch for the Server Service Vulnerability: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx.

Telemetry logoTelemetry

Detection Availability

FortiClient
Extreme
FortiMail
Extreme
FortiSandbox
Extreme
FortiWeb
Extreme
Web Application Firewall
Extreme
FortiIsolator
Extreme
FortiDeceptor
Extreme
FortiEDR