A exploit in the buggy OS of XP has been found, this one concering DHCP.
OS effected
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Server
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP4
Microsoft Windows XP
Microsoft Windows XP Home
Microsoft Windows XP Home SP1
Microsoft Windows XP Home SP2
Microsoft Windows XP Professional
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Tablet PC Edition
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Tablet PC Edition SP1
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Datacenter Edition 64-bit
Microsoft Windows Server 2003 Datacenter Edition 64-bit SP1
Microsoft Windows Server 2003 Datacenter Edition SP1
Microsoft Windows Server 2003 Datacenter x64 Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Enterprise Edition 64-bit
Microsoft Windows Server 2003 Enterprise Edition 64-bit SP1
Microsoft Windows Server 2003 Enterprise Edition SP1
Microsoft Windows Server 2003 Enterprise x64 Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Windows Server 2003 Standard x64 Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Web Edition SP1
How to fix it or reduce your risk
Block access at the network boundary, unless it interfers with production.
Make sure only trusted networks and hosts can send DHCP requests to affected computers.
Microsoft has released patches to fix this exploit at the following addresses:
Microsoft Windows 2000 Advanced Server SP4:
Microsoft Hotfix Security Update for Windows 2000 (KB914388)
http://www.microsoft.com/downloads/details...ec-61b912d47873
Microsoft Windows 2000 Datacenter Server SP4:
Microsoft Hotfix Security Update for Windows 2000 (KB914388)
http://www.microsoft.com/downloads/details...ec-61b912d47873
Microsoft Windows 2000 Professional SP4:
Microsoft Hotfix Security Update for Windows 2000 (KB914388)
http://www.microsoft.com/downloads/details...ec-61b912d47873
Microsoft Windows 2000 Server SP4:
Microsoft Hotfix Security Update for Windows 2000 (KB914388)
http://www.microsoft.com/downloads/details...ec-61b912d47873
Microsoft Windows XP Home SP1:
Microsoft Hotfix Security Update for Windows XP (KB914388)
http://www.microsoft.com/downloads/details...b2-342f832cdecc
Microsoft Windows XP Home SP2:
Microsoft Hotfix Security Update for Windows XP (KB914388)
http://www.microsoft.com/downloads/details...b2-342f832cdecc
Microsoft Windows XP Media Center Edition SP1:
Microsoft Hotfix Security Update for Windows XP (KB914388)
http://www.microsoft.com/downloads/details...b2-342f832cdecc
Microsoft Windows XP Media Center Edition SP2:
Microsoft Hotfix Security Update for Windows XP (KB914388)
http://www.microsoft.com/downloads/details...b2-342f832cdecc
Microsoft Windows XP Professional SP1:
Microsoft Hotfix Security Update for Windows XP (KB914388)
http://www.microsoft.com/downloads/details...b2-342f832cdecc
Microsoft Windows XP Professional SP2:
Microsoft Hotfix Security Update for Windows XP (KB914388)
http://www.microsoft.com/downloads/details...b2-342f832cdecc
Microsoft Windows XP Tablet PC Edition SP1:
Microsoft Hotfix Security Update for Windows XP (KB914388)
http://www.microsoft.com/downloads/details...b2-342f832cdecc
Microsoft Windows XP Tablet PC Edition SP2:
Microsoft Hotfix Security Update for Windows XP (KB914388)
http://www.microsoft.com/downloads/details...b2-342f832cdecc
Microsoft Windows XP Professional x64 Edition :
Microsoft Hotfix Security Update for Windows XP x64 Edition (KB914388)
http://www.microsoft.com/downloads/details...c2-2eb5405e2505
Microsoft Windows Server 2003 Datacenter Edition :
Microsoft Hotfix Security Update for Windows Server 2003 (KB914388)
http://www.microsoft.com/downloads/details...23-b1b2f9dfa7a5
Microsoft Windows Server 2003 Datacenter Edition SP1:
Microsoft Hotfix Security Update for Windows Server 2003 (KB914388)
http://www.microsoft.com/downloads/details...23-b1b2f9dfa7a5
Microsoft Windows Server 2003 Enterprise Edition :
Microsoft Hotfix Security Update for Windows Server 2003 (KB914388)
http://www.microsoft.com/downloads/details...23-b1b2f9dfa7a5
Microsoft Windows Server 2003 Enterprise Edition SP1:
Microsoft Hotfix Security Update for Windows Server 2003 (KB914388)
http://www.microsoft.com/downloads/details...23-b1b2f9dfa7a5
Microsoft Windows Server 2003 Standard Edition :
Microsoft Hotfix Security Update for Windows Server 2003 (KB914388)
http://www.microsoft.com/downloads/details...23-b1b2f9dfa7a5
Microsoft Windows Server 2003 Standard Edition SP1:
Microsoft Hotfix Security Update for Windows Server 2003 (KB914388)
http://www.microsoft.com/downloads/details...23-b1b2f9dfa7a5
Microsoft Windows Server 2003 Web Edition :
Microsoft Hotfix Security Update for Windows Server 2003 (KB914388)
http://www.microsoft.com/downloads/details...23-b1b2f9dfa7a5
Microsoft Windows Server 2003 Web Edition SP1:
Microsoft Hotfix Security Update for Windows Server 2003 (KB914388)
http://www.microsoft.com/downloads/details...23-b1b2f9dfa7a5
Microsoft Windows Server 2003 Datacenter Edition 64-bit :
Microsoft Hotfix Security Update for Windows Server 2003 for Itanium-based Systems (KB914388)
http://www.microsoft.com/downloads/details...35-39323b210aa4
Microsoft Windows Server 2003 Datacenter Edition 64-bit SP1:
Microsoft Hotfix Security Update for Windows Server 2003 for Itanium-based Systems (KB914388)
http://www.microsoft.com/downloads/details...35-39323b210aa4
Microsoft Windows Server 2003 Enterprise Edition 64-bit :
Microsoft Hotfix Security Update for Windows Server 2003 for Itanium-based Systems (KB914388)
http://www.microsoft.com/downloads/details...35-39323b210aa4
Microsoft Windows Server 2003 Enterprise Edition 64-bit SP1:
Microsoft Hotfix Security Update for Windows Server 2003 for Itanium-based Systems (KB914388)
http://www.microsoft.com/downloads/details...35-39323b210aa4
Microsoft Windows Server 2003 Datacenter x64 Edition :
Microsoft Hotfix Security Update for Windows Server 2003 x64 Edition (KB914388)
http://www.microsoft.com/downloads/details...a4-991629fc1402
Microsoft Windows Server 2003 Enterprise x64 Edition :
Microsoft Hotfix Security Update for Windows Server 2003 x64 Edition (KB914388)
http://www.microsoft.com/downloads/details...a4-991629fc1402
Microsoft Windows Server 2003 Standard x64 Edition :
Microsoft Hotfix Security Update for Windows Server 2003 x64 Edition (KB914388)
http://www.microsoft.com/downloads/details...a4-991629fc1402
Source: Microsoft Security Bulletin MS06-036
URL: http://www.microsoft.com/technet/security/...n/MS06-036.mspx
