Rubã©N Santamarta

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to Server 2003 SP2 Microsoft Windows 2000 SP4 Microsoft Windows XP SP1 and SP2 **Description** The issue concerns an elevation of privilege vulnerability in the Server Message Block (SMB) driver. It allows local users to execute arbitrary code, potentially giving an attacker complete control of the affected system. This is achieved by calling the `MrxSmbCscIoctlOpenForCopyChunk` function with the `METHOD NEITHER` method flag and an arbitrary address. **Recommendations** For Microsoft Windows 2000 SP4, consider applying security patches or updates to mitigate the risk. For Microsoft Windows XP SP1 and SP2, apply the recommended security updates to resolve the issue. For versions prior to Server 2003 SP2, update to Server 2003 SP2 or later to fix the vulnerability. As a temporary workaround, consider restricting access to the `MrxSmbCscIoctlOpenForCopyChunk` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to XP SP3 and Server 2003 SP2 **Description** The issue is related to a denial of service vulnerability in the Server Message Block (SMB) driver. It allows local users to cause a system hang by calling the MrxSmbCscIoctlCloseForCopyChunk function with the file handle of the shadow device, resulting in a deadlock. This could allow an attacker to cause an affected system to stop responding. **Recommendations** For Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the MrxSmbCscIoctlCloseForCopyChunk function to minimize the risk of exploitation.