Article ID: 817606
Article Last Modified on 9/27/2007
APPLIES TO
- Microsoft Windows XP Professional
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Media Center Edition 2002
- Microsoft Windows XP Tablet PC Edition
- Microsoft Windows XP Professional for Itanium-based systems
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional Edition
- Microsoft Windows 2000 Server
- Microsoft Windows NT Workstation 4.0 Developer Edition
- Microsoft Windows NT Server 4.0 Standard Edition
- Microsoft Windows NT Server 4.0, Terminal Server Edition
SYMPTOMS
Server Message Block (SMB) is the Internet standard protocol that Windows uses to share files, printers, and serial ports. Windows also uses it to communicate between computers that are using named pipes and mail slots. In a networked environment, servers make file systems and resources available to clients. Clients make SMB requests for resources, and servers make SMB responses in what is described as a client-server request-response protocol.
A flaw exists in the way that the server validates the parameters of an SMB packet. When a client computer sends an SMB packet to the server, it includes specific parameters that provide the server with a set of "instructions." In this case, the server does not correctly validate the buffer length that is established by the packet. If the client specifies a buffer length that is less than what is required, it can cause the buffer to be overrun.
If attackers send a specially crafted SMB packet request, they could cause a buffer overrun to occur. If this flaw is exploited, it could lead to data corruption, system failure, or in the worst case, it could allow attackers to run the code of their choice. The attackers would have to have a valid user account and they would have to be authenticated by the server to exploit this flaw.
Mitigating factors
- Microsoft Windows Server 2003 is not affected by this vulnerability.
- By default, it is not possible to exploit this flaw anonymously. The attacker would have to be authenticated by the server before they try to send an SMB packet to it.
- If you block port 139/445 at the firewall, you can help prevent the possibility of an attack from the Internet.
RESOLUTION
Windows XP service pack information
To resolve this problem, obtain the latest service pack for Microsoft Windows XP. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
322389 How to obtain the latest Windows XP service pack
Security patch information
For more information about how to resolve this vulnerability, click the appropriate link below:
- Windows XP (all versions)
- Windows 2000 (all versions)
- Windows NT 4.0 Workstation, Windows NT 4.0 Server and Windows NT 4.0 Server, Terminal Server Edition
Windows XP (all versions)
Download information
The following files are available for download from the Microsoft Download Center:
Windows XP (all 32-Bit versions)
Download the 817606 package now.
Windows XP 64-Bit Edition Version 2002
Download the 817606 package now. Release Date: July 9, 2003
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
Prerequisites
This patch requires the released version of Windows XP or Windows XP Service Pack 1 (SP1).
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
322389 How to obtain the latest Windows XP service pack
Installation information
This patch supports the following Setup switches:
- /? : Display the list of installation switches.
- /u : Use Unattended mode.
- /f : Force other programs to quit when the computer shuts down.
- /n : Do not back up files for removal.
- /o : Overwrite OEM files without prompting.
- /z : Do not restart when the installation is complete.
- /q : Use Quiet mode (no user interaction).
- /l : List installed patches.
- /x : Extract the files without running Setup.
To verify that the patch is installed on your computer, confirm that the following registry key exists.
Windows XP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP1\KB817606
Windows XP with Service Pack 1 (SP1)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB817606
Deployment information
To install the patch without any user intervention and without forcing the computer to restart, use the /u, /q, and /z command line switches. For example, to install the Windows XP (all 32-bit versions) of the patch without any user intervention and without forcing the computer to restart, use the following command line:
817606_wxp_sp2_x86_enu /u /q /z
For information about how to deploy this patch with Software Update Services, visit the following Microsoft Web site:
Restart requirement
You must restart your computer after you apply this patch.
Removal information
To remove this patch, use the Add/Remove Programs tool in Control Panel.
System administrators can use the Spuninst.exe utility to remove this patch. Spuninst.exe is in the %Windir%\$NTUninstallkbNumber$\Spuninst folder, and it supports the following Setup switches:
- /? : Display the list of installation switches.
- /u : Use unattended mode.
- /f : Force other programs to quit when the computer shuts down.
- /z : Do not restart when the installation is complete.
- /q : Use Quiet mode (no user interaction).
Patch replacement information
This patch does not replace any other patches.
File information
The English version of this patch has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Date         Time   Version        Size       Path and File name
---------------------------------------------------------------------------------------
28-Mar-2003  19:02  5.1.2600.112     322,304  %Windir%\System32\Drivers\Srv.sys  pre-SP1 i386
28-Mar-2003  15:54  5.1.2600.1193    322,048  %Windir%\System32\Drivers\Srv.sys  with SP1 i386
28-Mar-2003  19:03  5.1.2600.112   1,142,016  %Windir%\System32\Drivers\Srv.sys  pre-SP1 ia64
28-Mar-2003  15:55  5.1.2600.1193  1,140,480  %Windir%\System32\Drivers\Srv.sys  with SP1 ia64
You can also verify the files that this patch installed by reviewing the following registry keys.
Windows XP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP1\KB817606\Filelist
Windows XP with Service Pack 1 (SP1)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB817606\Filelist
Windows 2000
Service pack information
To resolve this problem, obtain the latest service pack for Microsoft Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to obtain the latest Windows 2000 service pack
Download information
The following file is available for download from the Microsoft Download Center:
Download the 817606 package now. Release Date: July 9, 2003
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
Note Customers who are running Windows 2000 Service Pack 2 should contact Microsoft Product Support Services to obtain this additional security update.
Prerequisites
This patch requires Windows 2000 Service Pack 3 (SP3).
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to obtain the latest Windows 2000 service pack
Installation information
This patch supports the following Setup switches:
- /? : Display the list of installation switches.
- /u : Use Unattended mode.
- /f : Force other programs to quit when the computer shuts down.
- /n : Do not back up files for removal.
- /o : Overwrite OEM files without prompting.
- /z : Do not restart when the installation is complete.
- /q : Use Quiet mode (no user interaction).
- /l : List installed patches.
- /x : Extract the files without running Setup.
To verify the patch is installed on your computer, confirm that the following registry key exists:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP4\KB817606
Deployment information
To install the patch without any user intervention, use the following command line:
windows2000-kb817606-x86-enu /u /q
To install the patch without forcing the computer to restart, use the following command line:
windows2000-kb817606-x86-enu /z
Note These switches can be combined into one command line.
For information about how to deploy this patch with Software Update Services, visit the following Microsoft Web site:
Restart requirement
You must restart your computer after you apply this patch.
Removal information
To remove this patch, use the Add/Remove Programs tool in Control Panel.
System administrators can use the Spuninst.exe utility to remove this patch. Spuninst.exe is in the %Windir%\$NTUninstallkbNumber$\Spuninst folder, and it supports the following Setup switches:
- /? : Display the list of installation switches.
- /u : Use unattended mode.
- /f : Force other programs to quit when the computer shuts down.
- /z : Do not restart when the installation is complete.
- /q : Use Quiet mode (no user interaction).
Patch replacement information
This patch is replaced by Windows 2000 Service Pack 4 (SP4).
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to obtain the latest Windows 2000 service pack
This patch does not replace any other patches.
File information
The English version of this patch has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Date         Time   Version        Size     Path and File name
------------------------------------------------------------------------
01-Apr-2003  16:30  5.0.2195.6699  237,776  %Windir%\System32\Drivers\Srv.sys
01-Apr-2003  16:31  5.0.2195.6697   74,000  %Windir%\System32\Srvsvc.dll
You can also verify the files that this patch installed by reviewing the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP4\KB817606\Filelist
Windows NT 4.0 (all versions)
Download information
The following files are available for download from the Microsoft Download Center:
Windows NT 4.0 Workstation and Windows NT 4.0 Server
Download the 817606 package now.
Windows NT 4.0 Server, Terminal Server Edition
Download the 817606 package now. Release Date: July 9, 2003
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
Prerequisites
This patch requires Windows NT 4.0 Service Pack 6a (SP6a) or Windows NT Server 4.0, Terminal Server Edition Service Pack 6 (SP6).
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
152734 How to obtain the latest Windows NT 4.0 service pack
Installation information
This patch supports the following Setup switches:
- /y : Perform removal (only with /m or /q ).
- /f : Force programs to be closed at shutdown.
- /n : Do not create an Uninstall folder.
- /z : Do not restart when patch completes.
- /q : Use Quiet or Unattended mode with no user interface (this switch is a superset of /m ).
- /m : Use Unattended mode with user interface.
- /l : List installed patches.
- /x : Extract the files without running Setup.
Deployment information
To install the patch without any user intervention, use the following command line:
q817606i /q
To install the patch without forcing the computer to restart, use the following command line:
q817606i /z
Note These switches can be combined into one command line.
For information about how to deploy this patch with Software Update Services, visit the following Microsoft Web site:
Restart requirement
You must restart your computer after you apply this patch.
Removal information
To remove this patch, use the Add/Remove Programs tool in Control Panel.
System administrators can use the Spuninst.exe utility to remove this patch. Spuninst.exe is in the %Windir%\$NTUninstallkbNumber$\Spuninst folder, and it supports the following Setup switches:
- /? : Display the list of installation switches.
- /u : Use unattended mode.
- /f : Force other programs to quit when the computer shuts down.
- /z : Do not restart when the installation is complete.
- /q : Use Quiet mode (no user interaction).
Patch replacement information
This patch does not replace any other patches.
File information
The English version of this patch has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Date         Time   Version         Size     Path and File name
---------------------------------------------------------------------------------
27-Mar-2003  15:20  4.0.1381.7214   231,312  %Windir%\System32\Drivers\Srv.sys  Windows NT 4.0
27-Mar-2003  15:26  4.0.1381.33547  231,280  %Windir%\System32\Drivers\Srv.sys  Windows NT 4.0, Terminal Server Edition
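The file tables in this article give the Srv.sys version "or later" that a patched computer should have on each platform. The following added example (not Microsoft code, and not part of the original article) audits a collected inventory against those versions; the branch labels, host names, and inventory rows are constructed for illustration, and each host is compared only with the baseline for its own service-pack branch.

```python
# Added example, not Microsoft code. Minimum Srv.sys versions are copied from
# this article's file tables; the branch labels and inventory are constructed.
MIN_SRV_SYS = {
    ("Windows XP", "pre-SP1"): "5.1.2600.112",
    ("Windows XP", "SP1"): "5.1.2600.1193",
    ("Windows 2000", "SP3"): "5.0.2195.6699",
    ("Windows NT 4.0", "SP6a"): "4.0.1381.7214",
    ("Windows NT 4.0 Terminal Server Edition", "SP6"): "4.0.1381.33547",
}


def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints so fields compare numerically, not as text."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected four version fields, got {text!r}")
    return parts


def check_host(os_name, branch, srv_sys_version):
    """Compare one host's Srv.sys version with the baseline for its own branch."""
    baseline = MIN_SRV_SYS.get((os_name, branch))
    if baseline is None:
        return "no-baseline"  # e.g. Windows 2000 SP2, which the article handles separately
    if parse_version(srv_sys_version) >= parse_version(baseline):
        return "ok"
    return "outdated"


# Constructed inventory rows: (host, OS, service-pack branch, Srv.sys version).
SAMPLE_INVENTORY = [
    ("ws-01", "Windows XP", "pre-SP1", "5.1.2600.112"),
    # Above the pre-SP1 baseline but below the SP1 one: the branch decides.
    ("ws-02", "Windows XP", "SP1", "5.1.2600.1106"),
    ("srv-01", "Windows 2000", "SP3", "5.0.2195.6699"),
    ("srv-02", "Windows 2000", "SP2", "5.0.2195.5000"),
    ("ts-01", "Windows NT 4.0 Terminal Server Edition", "SP6", "4.0.1381.33500"),
]


def audit(inventory):
    """Return {host: status} for every inventory row."""
    return {host: check_host(os_name, branch, ver)
            for host, os_name, branch, ver in inventory}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A host reported as "no-baseline" needs manual follow-up rather than being counted as compliant.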
STATUS
Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft products that are listed in the "Applies to" section.
Windows XP
This problem was first corrected in Microsoft Windows XP Service Pack 2.
MORE INFORMATION
For more information about this vulnerability, visit the following Microsoft Web site: