A security vulnerability exists in the Windows Workstation service WKSSVC.DLL that could allow remote code execution on an affected system. This vulnerability results because of an unchecked buffer in the Windows Workstation service. If exploited, an attacker could take any action on the system, including installing programs, viewing data, changing data, or deleting data, or creating new accounts with full privileges.
An attacker could gain System privileges on an affected system, or could cause the Workstation service to fail.
These workarounds help block known attack vectors, however they will not correct the underlying vulnerability, for correcting the vulnerability refer to solution.
- Block UDP ports 138, 139, 445 and TCP ports 138, 139, 445 at firewall level.
- Use a personal firewall such as Internet Connection Firewall, which is included with Windows XP.
- Enable advanced TCP/IP filtering on Windows 2000-based systems and on Windows XP-based systems.
- Disable the Workstation service.
Impact of Workaround:
If the Workstation service is disabled, the system cannot connect to any shared file resources or shared print resources on a network. Only use this workaround on stand-alone systems such as many home systems that do not connect to a network. If the Workstation service is disabled, any services that explicitly depend on the Workstation service do not start, and an error message is logged in the system event log. The following services depend on the Workstation service:
These services are required to access resources on a network and to perform domain authentication. Internet connectivity and browsing for stand-alone systems, such as users on dial-up connections, on DSL connections, or on cable modem connections, should not be affected if these services are disabled.
Note: The Microsoft Baseline Security Analyzer will not function if the Workstation service is disabled. It is possible that other applications may also require the Workstation service. If an application requires the Workstation service, simply re-enable the service.
The information provided herein is on "as is" basis, without warranty of any kind.