NO. 20050818
 
Indexing Service Vulnerability - CAN-2004-0897

Description

A remote code execution vulnerability exists in the Indexing Service because of the way that it handles query validation. An attacker could exploit the vulnerability by constructing a malicious query that could potentially allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system. While remote code execution is possible, an attack would most likely result in a denial of service condition.

Workarounds

1. Block UDP ports 137 and 138 and TCP ports 139 and 445 at firewalls.

2. Block the affected ports by using IPSec on the affected systems.

3. Remove the Indexing Service if you do not need it.

Solution

Customers should consider applying the security update, as listed in Microsoft Security Bulletin MS05-003.

Reference: CAN-2004-0897

BSST, Broadweb Security Service Team
