MS-RPC: Content Indexing Service over RPC Activity
This signature detects access to the Microsoft Windows Indexing Service through Microsoft Remote Procedure Call (MS-RPC). Using MS-RPC, attackers can remotely access the indexing service without authentication and search for files on a target's hard drive. Note: The indexing service is typically disabled.
Extended Description
A vulnerability exists in Microsoft Indexing Services that may allow unauthenticated searches of the filesystem, leading to the disclosure of sensitive information. In addition, an attacker may be able to execute arbitrary code. RPC traffic referencing the Indexing Service originating from non-trusted hosts may indicate that a malicious attempt to enumerate the filesystem is underway.
Short Name
MS-RPC:INDX-SVC-ACTIVE
Severity
Minor
Recommended
False
Recommended Action
None
Category
MS-RPC
Keywords
Activity Content Indexing RPC Service over
Release Date
01/11/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown