GEN:SID 1:2986
Message NETBIOS SMB-DS winreg andx create tree attempt
Summary This event is generated when an attempt is made to create an AndX entry
via SMB.
Impact Unknown.
Detailed Information This event is generated when an attempt is made to create an AndX entry
via SMB.
Affected Systems Windows systems
Attack Scenarios An attacker may attempt to bind to the service to manipulate host
settings, then create an entry in the winreg service.
Ease of Attack Simple.
Corrective Action Block access to RPC ports 135, 139 and 445 for both TCP and UDP
protocols from external sources using a packet filtering firewall.
Additional References Microsoft TechNet
http://support.microsoft.com/support/kb/articles/q153/1/83.asp
CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0562
Winreg
http://www.rutherfurd.net/python/winreg/