=====================================================================
                                    CERT-Renater

                         Information Note No. 2006/VULN238
_____________________________________________________________________

DATE                      : 10/05/2006

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows 2000, Windows XP, Windows Server 2003.

======================================================================

MS06-018 - Vulnerability in Microsoft Distributed Transaction Coordinator
Could Allow Denial of Service (913580)

Affected Software:
	- Microsoft Windows 2000 Service Pack 4
	- Microsoft Windows XP Service Pack 1
	  and Microsoft Windows XP Service Pack 2
	- Microsoft Windows Server 2003
	- Microsoft Windows Server 2003 for Itanium-based Systems

Non-Affected Software:
	- Microsoft Windows XP Professional x64 Edition
	- Microsoft Windows Server 2003 Service Pack 1
	- Microsoft Windows Server 2003 x64 Edition
	- Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
	- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE),
	  and Microsoft Windows Millennium Edition (Me)

Full MS06-018 advisory:
http://www.microsoft.com/technet/security/Bulletin/MS06-018.mspx

Vulnerability Details

MSDTC Invalid Memory Access Vulnerability - CVE-2006-0034:

	A denial of service vulnerability exists that could allow an
	attacker to send a specially crafted network message to an
	affected system. An attacker could cause the Microsoft Distributed
	Transaction Coordinator (MSDTC) to stop responding. Note that
	the denial of service vulnerability would not allow an attacker
	to execute code or to elevate their user rights, but it could
	cause the affected system to stop accepting requests.

	
MSDTC Denial of Service Vulnerability - CVE-2006-1184:

	A denial of service vulnerability exists that could allow an
	attacker to send a specially crafted network message to an
	affected system. An attacker could cause the Microsoft Distributed
	Transaction Coordinator (MSDTC) to stop responding. Note that
	the denial of service vulnerability would not allow an attacker
	to execute code or to elevate their user rights, but it could
	cause the affected system to stop accepting requests.

======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================


