Executive Summary

Summary
Title Memory Allocation Denial of Service Via RPC
Informations
Name KB911052 First vendor Publication 2005-11-16
Vendor Microsoft Last vendor Modification 2005-11-18
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft is aware of public reports of proof-of-concept code that seeks to exploit a possible vulnerability in Microsoft Windows 2000 Service Pack 4 and in Microsoft Windows XP Service Pack 1. This vulnerability could allow an attacker to perform a denial of service attack of limited duration.

On Windows 2000 Service Pack 4, an attacker could potentially exploit this vulnerability anonymously.On Windows XP Service Pack 1, an attacker must have valid logon credentials to try to exploit this vulnerability. The vulnerability could not be exploited remotely by anonymous users. However, the affected component is available remotely to users who have standard user accounts. Customers who have installed Windows XP Service Pack 2 are not affected by this vulnerability. Additionally, customers running Windows Server 2003 and Windows Server 2003 Service Pack 1 are not affected by this vulnerability.

Microsoft is not aware of active attacks that use this vulnerability or of customer impact at this time. However, Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.

Microsoft is concerned that this new report of a vulnerability in Windows 2000 Service Pack 4 and Windows XP Service Pack 1 was not disclosed responsibly, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.

While this vulnerability was discovered by a security researcher while investigating the vulnerability addressed by Security Bulletin MS05-047, this is a completely separate vulnerability and is not related to the vulnerability discussed in MS05-047. We do continue to encourage customers to apply the MS05-047 update and all recent security updates released by Microsoft.

We continue to encourage customers to follow our Protect Your PC guidance of enabling a firewall, getting software updates, and installing antivirus software Customers can learn more about these steps by visiting Protect Your PC Web site.

Mitigating Factors:

On Windows XP Service Pack 1 an attacker must have valid logon credentials to try to exploit this vulnerability. The vulnerability could not be exploited remotely by anonymous users. However, the affected component is available remotely to users who have standard user accounts. In certain configurations, anonymous users could authenticate as the Guest account. For more information, see Microsoft Security Advisory 906574.

Customers who are running Windows XP Service Pack 2, Windows Server 2003 and Windows Server 2003 Service Pack 1 are not affected by this vulnerability.

Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

What is the scope of the advisory?
Microsoft has been made aware of a new memory allocation denial of service vulnerability in Microsoft Windows. This affects the software that is listed in the “Overview” section.

What is remote procedure call (RPC)?Remote procedure call (RPC) is a protocol that is used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program that is running on one computer to seamlessly access services on another computer. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft-specific extensions.

Is this a security vulnerability that requires Microsoft to issue a security update?
At this point, the issue is still under investigation. After the investigation is complete, a security update may be released for this issue.

What causes this threat?
An attacker can send specially crafted malicious packets to a vulnerable machine, which would potentially result in a denial of service condition of limited duration.

What might an attacker use this function to do?
An attacker can send specially crafted malicious packets to a vulnerable machine which would potentially result in a Denial of Service condition of limited duration.

Original Source

Url : http://www.microsoft.com/technet/security/advisory/911052.mspx

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 5
Os 8

Open Source Vulnerability Database (OSVDB)

Id Description
20916 Microsoft Windows UPnP GetDeviceList Remote DoS

Snort® IPS/IDS

Date Description
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX andx dos attempt
RuleID : 4981 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetDeviceList unicode little endian andx dos attempt
RuleID : 4980 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX unicode andx dos attempt
RuleID : 4979 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetDeviceList unicode little endian andx dos attempt
RuleID : 4978 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetDeviceList little endian andx dos attempt
RuleID : 4977 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetDeviceList little endian andx dos attempt
RuleID : 4976 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetDeviceList WriteAndX andx dos attempt
RuleID : 4975 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetDeviceList andx dos attempt
RuleID : 4974 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetDeviceList andx dos attempt
RuleID : 4973 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetDeviceList unicode andx dos attempt
RuleID : 4972 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode little endian andx dos at...
RuleID : 4971 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX little endian andx dos attempt
RuleID : 4970 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetDeviceList unicode little endian andx dos attempt
RuleID : 4969 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetDeviceList unicode andx dos attempt
RuleID : 4968 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode little endian andx dos...
RuleID : 4967 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode andx dos attempt
RuleID : 4966 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX little endian andx dos attempt
RuleID : 4965 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetDeviceList unicode little endian andx dos attempt
RuleID : 4964 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX andx dos attempt
RuleID : 4963 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetDeviceList little endian andx dos attempt
RuleID : 4962 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode andx dos attempt
RuleID : 4961 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetDeviceList unicode andx dos attempt
RuleID : 4960 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX unicode little endian andx dos at...
RuleID : 4959 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetDeviceList WriteAndX unicode andx dos attempt
RuleID : 4958 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetDeviceList WriteAndX little endian andx dos attempt
RuleID : 4957 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetDeviceList little endian andx dos attempt
RuleID : 4956 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetDeviceList WriteAndX unicode little endian andx dos attempt
RuleID : 4955 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetDeviceList unicode andx dos attempt
RuleID : 4954 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX andx dos attempt
RuleID : 4953 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX little endian andx dos attempt
RuleID : 4952 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetDeviceList andx dos attempt
RuleID : 4951 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetDeviceList andx dos attempt
RuleID : 4950 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX dos attempt
RuleID : 4949 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetDeviceList unicode little endian dos attempt
RuleID : 4948 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX unicode dos attempt
RuleID : 4947 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetDeviceList unicode little endian dos attempt
RuleID : 4946 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetDeviceList little endian dos attempt
RuleID : 4945 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetDeviceList little endian dos attempt
RuleID : 4944 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetDeviceList WriteAndX dos attempt
RuleID : 4943 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetDeviceList dos attempt
RuleID : 4942 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetDeviceList dos attempt
RuleID : 4941 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetDeviceList unicode dos attempt
RuleID : 4940 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode little endian dos attempt
RuleID : 4939 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX little endian dos attempt
RuleID : 4938 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetDeviceList unicode little endian dos attempt
RuleID : 4937 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetDeviceList unicode dos attempt
RuleID : 4936 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode little endian dos attempt
RuleID : 4935 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode dos attempt
RuleID : 4934 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX little endian dos attempt
RuleID : 4933 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetDeviceList unicode little endian dos attempt
RuleID : 4932 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX dos attempt
RuleID : 4931 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetDeviceList little endian dos attempt
RuleID : 4930 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode dos attempt
RuleID : 4929 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetDeviceList unicode dos attempt
RuleID : 4928 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX unicode little endian dos attempt
RuleID : 4927 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetDeviceList WriteAndX unicode dos attempt
RuleID : 4926 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetDeviceList WriteAndX little endian dos attempt
RuleID : 4925 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetDeviceList little endian dos attempt
RuleID : 4924 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetDeviceList WriteAndX unicode little endian dos attempt
RuleID : 4923 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetDeviceList unicode dos attempt
RuleID : 4922 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX dos attempt
RuleID : 4921 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX little endian dos attempt
RuleID : 4920 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetDeviceList dos attempt
RuleID : 4919 - Revision : 5 - Type : NETBIOS
2014-01-10 DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList dos attempt
RuleID : 4918 - Revision : 17 - Type : OS-WINDOWS
2014-01-10 SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode andx attempt
RuleID : 4889 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetRootDeviceInstance andx attempt
RuleID : 4888 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode little endian ...
RuleID : 4887 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance little endian andx attempt
RuleID : 4886 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetRootDeviceInstance little endian andx attempt
RuleID : 4885 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX little endian andx att...
RuleID : 4884 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX little endian andx attempt
RuleID : 4883 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode andx attempt
RuleID : 4882 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance andx attempt
RuleID : 4881 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX andx attempt
RuleID : 4880 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetRootDeviceInstance andx attempt
RuleID : 4879 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX andx attempt
RuleID : 4878 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance unicode little endian andx attempt
RuleID : 4877 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance unicode andx attempt
RuleID : 4876 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX little endian andx attempt
RuleID : 4875 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode little endian and...
RuleID : 4874 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetRootDeviceInstance unicode little endian andx attempt
RuleID : 4873 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX little endian andx attempt
RuleID : 4872 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetRootDeviceInstance unicode andx attempt
RuleID : 4871 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode little endian and...
RuleID : 4870 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetRootDeviceInstance unicode andx attempt
RuleID : 4869 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX andx attempt
RuleID : 4868 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetRootDeviceInstance little endian andx attempt
RuleID : 4867 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetRootDeviceInstance andx attempt
RuleID : 4866 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX andx attempt
RuleID : 4865 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode andx attempt
RuleID : 4864 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetRootDeviceInstance little endian andx attempt
RuleID : 4863 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode andx attempt
RuleID : 4862 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetRootDeviceInstance unicode andx attempt
RuleID : 4861 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode little endian andx a...
RuleID : 4860 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetRootDeviceInstance unicode little endian andx attempt
RuleID : 4859 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetRootDeviceInstance unicode little endian andx attempt
RuleID : 4858 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode attempt
RuleID : 4857 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetRootDeviceInstance attempt
RuleID : 4856 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode little endian ...
RuleID : 4855 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance little endian attempt
RuleID : 4854 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetRootDeviceInstance little endian attempt
RuleID : 4853 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX little endian attempt
RuleID : 4852 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX little endian attempt
RuleID : 4851 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode attempt
RuleID : 4850 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance attempt
RuleID : 4849 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX attempt
RuleID : 4848 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetRootDeviceInstance attempt
RuleID : 4847 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX attempt
RuleID : 4846 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance unicode little endian attempt
RuleID : 4845 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance unicode attempt
RuleID : 4844 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX little endian attempt
RuleID : 4843 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode little endian att...
RuleID : 4842 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetRootDeviceInstance unicode little endian attempt
RuleID : 4841 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX little endian attempt
RuleID : 4840 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetRootDeviceInstance unicode attempt
RuleID : 4839 - Revision : 5 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode little endian att...
RuleID : 4838 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetRootDeviceInstance unicode attempt
RuleID : 4837 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX attempt
RuleID : 4836 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetRootDeviceInstance little endian attempt
RuleID : 4835 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetRootDeviceInstance attempt
RuleID : 4834 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX attempt
RuleID : 4833 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode attempt
RuleID : 4832 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB-DS umpnpmgr PNP_GetRootDeviceInstance little endian attempt
RuleID : 4831 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode attempt
RuleID : 4830 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB v4 umpnpmgr PNP_GetRootDeviceInstance unicode attempt
RuleID : 4829 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode little endian attempt
RuleID : 4828 - Revision : 6 - Type : NETBIOS
2014-01-10 SMB umpnpmgr PNP_GetRootDeviceInstance unicode little endian attempt
RuleID : 4827 - Revision : 6 - Type : NETBIOS
2014-01-10 DCERPC NCACN-IP-TCP umpnpmgr PNP_GetRootDeviceInstance attempt
RuleID : 4826 - Revision : 15 - Type : OS-WINDOWS
2014-01-10 DCERPC NCACN-IP-TCP srvsvc NetrDfsCreateExitPoint dos attempt
RuleID : 17702 - Revision : 12 - Type : OS-WINDOWS

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-01-19 21:29:41
  • Multiple Updates
2013-05-11 12:20:20
  • Multiple Updates