|MA-272.022011 : MyCERT Alert - Critical Vulnerability in Microsoft Windows
Date of publication: 2011-02-17
A critical vulnerability (CVE-2011-0654) has been identified in the Microsoft Windows SMB. The vulnerability, if successfully exploited will cause the application to crash and could potentially allow an attacker to take control of the affected system.
The vulnerability exists because of a heap overflow error in the "BowserWriteErrorLogEntry()" function within the Windows NT SMB Minirdr "mrxsmb.sys" driver when processing malformed Browser Election requests. 
MyCERT is aware that the PoC code and 0day exploit, which are currently available in the Internet, is causing DOS, but some researchers did mention that they are able to produce code execution exploit out of this vulnerability.
An attacker who successfully exploits this vulnerability will be able to execute codes remotely with elevated privileges. Unsuccessful attacks may cause denial-of-service (DoS) outcomes.
3.0 Affected Products
The detail list of the vulnerable products and versions are as below:
- Microsoft Windows XP Service Pack 3
- Microsoft Windows Server 2003 Service Pack 2
As of the writing of this advisory, Microsoft has not released any security patches for this vulnerability. However, users can use the following recommendation as a temporary workaround:
4.1 Restrict access to the server's broadcast domain and block UDP ports 137, 138 and TCP ports 139, 445 at the network perimeter using firewall rules. 
MyCERT would like to advise the users of Microsoft Windows to be vigilant of the latest security announcements by Microsoft and ensure that their operating systems are automatically updated. The article on how to enable the auto update feature in Microsoft is available at the following URL:
Users may also consider using a vulnerability management tool such as Secunia to ensure that all applications are updated:
MyCERT can be reached through the following channels for further assistance:
E-mail : firstname.lastname@example.org
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT <EMAIL> <COMPLAINT> to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT