Note that on Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, this issue can be exploited only locally, and an attacker must have valid logon credentials.
On Windows 2000, Windows XP Service Pack 1 and Windows Server 2003, an attacker must have valid logon credentials to exploit this vulnerability. The vulnerability can, however, be exploited remotely by users who have standard user accounts.
According to a report, an exploit for this vulnerability is available on the internet.
Microsoft suggested the following workarounds to mitigate the attack vectors.
Block the following at the enterprise perimeter firewall:
- UDP ports 135, 137, 138, and 445, and TCP ports 135, 139, 445, and 593.
- All unsolicited inbound traffic on ports greater than 1024.
- Any other specifically configured RPC port.
- If COM Internet Services (CIS) or RPC over HTTP is installed, block ports 80 and 443.
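To check an existing perimeter rule set against this list, the following added example (not part of the original advisory or Microsoft's guidance) flags inbound allow rules that overlap the listed ports or admit unsolicited traffic above 1024. The rule dictionary layout, the `established_only` flag for stateful return traffic, and the treatment of ports 80 and 443 as TCP are assumptions made for illustration.

```python
# Ports from the workaround list above, keyed by protocol.
BLOCKED = {"udp": {135, 137, 138, 445}, "tcp": {135, 139, 445, 593}}
HTTP_RPC = {80, 443}  # only when CIS or RPC over HTTP is installed (assumed TCP)

def parse_ports(spec):
    """Turn '135,137-139' into a list of inclusive (low, high) ranges."""
    ranges = []
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges

def audit(rules, cis_or_rpc_http=False, extra_rpc_ports=()):
    """Return (rule name, finding) for each inbound allow rule that conflicts
    with the workaround. extra_rpc_ports covers 'any other specifically
    configured RPC port' and is checked for both protocols."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or rule["direction"] != "in":
            continue
        proto = rule["proto"]
        listed = set(BLOCKED.get(proto, ())) | set(extra_rpc_ports)
        if cis_or_rpc_http and proto == "tcp":
            listed |= HTTP_RPC
        for low, high in parse_ports(rule["ports"]):
            hits = sorted(p for p in listed if low <= p <= high)
            if hits:
                findings.append((rule["name"], f"{proto} {hits} listed for blocking"))
            # Hypothetical flag: True means the rule only matches reply traffic.
            if high > 1024 and not rule.get("established_only", False):
                findings.append((rule["name"],
                                 f"{proto} {max(low, 1025)}-{high} unsolicited high ports"))
    return findings

# Constructed sample rule set (hypothetical schema, not from the advisory).
SAMPLE_RULES = [
    {"name": "smb-legacy", "action": "allow", "direction": "in", "proto": "tcp", "ports": "139,445"},
    {"name": "web", "action": "allow", "direction": "in", "proto": "tcp", "ports": "80,443"},
    {"name": "return-traffic", "action": "allow", "direction": "in", "proto": "tcp",
     "ports": "1025-65535", "established_only": True},
    {"name": "dcom-dynamic", "action": "allow", "direction": "in", "proto": "udp",
     "ports": "130-140,5000-5100"},
    {"name": "drop-593", "action": "deny", "direction": "in", "proto": "tcp", "ports": "593"},
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES, cis_or_rpc_http=True):
        print(f"{name}: {finding}")
```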
The information provided herein is on an "as is" basis, without warranty of any kind.