Check or Attack Name: Windows NT SMB logon DoS

Windows NT servers (including those with Service Pack 3 when all hotfixes applied) are vulnerable to a denial of service attack. When a logon request is initiated to access the SMB/CIFS service and the SMB logon packet is incorrectly processed, memory corruption results in the NT kernel. When this happens, a blue screen error message appears and the machine has to be rebooted.

Apply the following patch from Microsoft available from ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/srv-fix.

Microsoft Knowledge Base Article Q180963, Denial of Service Attack Causes Windows NT Systems to Restart, http://support.microsoft.com/support/kb/articles/Q180/9/63.asp

Network Associates, Inc. Security Advisory #25, Windows NT Logon Denial of Service, http://www.nai.com/nai_labs/asp_set/advisory/25_windows_nt_dos_adv.asp