In default configurations, Windows XP SP2 and Windows Server 2003 SP1 do not listen on Mailslots. However, some minor and common configuration changes enable services that do utilize Mailslots for unidirectional messaging.
To exploit this vulnerability, an attacker must submit packets to a TCP port that typically contains Mailslot listeners, such as ports 135, 139, or 445 on most Windows systems. These ports are typically blocked at the network perimeter; however, this does not prevent internal exploitation or propagation, as these ports are required for normal operations.
Because Mailslots are utilized within both NBT and SMB operations, the only way to fully protect a vulnerable system is to remove it from the network. Additionally, it is very likely that an attacker could crash an entire subnet by building and submitting certain Mailslot packets on a network's broadcast address. Exploitation under such a scenario is difficult to mitigate, as this is a normal operation.
Even though Windows XP SP2 and Windows Server 2003 SP1 have no services listening on Mailslots by default, several common modifications that make machines more network-friendly can leave these systems susceptible to attack. The installation of many network-aware applications can also render a machine vulnerable.
Administrators should note that the exploit code previously reported as available to exploit this vulnerability is actually for a separate, related vulnerability as documented in IntelliShield Alert 11417. No exploit code currently exists for the NBT/SMB Mailslot vulnerability documented in this alert (CVE-2006-1314).
The update available from Microsoft corrects this vulnerability by performing validation on network messages before using them in memory allocation operations.