Secunia Security Advisory - Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct brute force attacks or to cause a DoS (Denial of Service).
ed158b5e0d8f9b326366dc957840b691418249a25aab5730f1cdfedcb997bfa2----------------------------------------------------------------------
Secunia integrated with Microsoft WSUS
http://secunia.com/blog/71/
----------------------------------------------------------------------
TITLE:
Microsoft Windows SMB Server Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA38510
VERIFY ADVISORY:
http://secunia.com/advisories/38510/
DESCRIPTION:
Some vulnerabilities have been reported in Microsoft Windows, which
can be exploited by malicious users to compromise a vulnerable system
and by malicious people to conduct brute force attacks or to cause a
DoS (Denial of Service).
1) An input validation error in the processing of SMB requests
(Server Message Block) can be exploited to cause a buffer overflow
via a specially crafted SMB packet.
Successful exploitation may allow execution of arbitrary code, but
requires valid user credentials.
2) A race condition in the processing of SMB packets during the
Negotiate phase can be exploited to corrupt memory and cause the
system to stop accepting requests via a specially crafted SMB
packet.
3) An error when verifying the "share" and "servername" fields in SMB
packets can be exploited to cause the system to stop accepting
requests via a specially crafted SMB packet.
4) A lack of cryptographic entropy when the SMB server generates
challenges during SMB NTLM authentication can be exploited to bypass
the authentication mechanism and access SMB network resources by
brute forcing a valid authentication token.
SOLUTION:
Apply patches.
Microsoft Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=267ce982-54a0-418f-ad52-e4963610f714
Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=8f7adee3-e68e-41b3-b835-d84691774f31
Windows XP Professional x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=91ee57f2-81e5-49bd-bdfc-d3e385efc8a5
Windows Server 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=3d18cbc4-ac48-458c-8aa3-90708fd854ff
Windows Server 2003 x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=7d63c95e-311a-446f-8852-dffd217a89f6
Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=ee7f8cc4-f7fd-4dc7-808c-436204ee80cb
Windows Vista (optionally with SP1 / SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=16494dac-553a-4de9-b751-0d6b51cb43f0
Windows Vista x64 Edition (optionally with SP1 / SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=cec582b3-e37f-448e-a5c3-6abdcee9e57c
Windows Server 2008 for 32-bit Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=597b2310-2cd8-4d0f-8248-781eb8b7450a
Windows Server 2008 for x64-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=67119fb6-e517-46f4-ab0b-2351cdc3d670
Windows Server 2008 for Itanium-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=f90fc0c8-babe-4224-be07-614ea7ddf102
Windows 7 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=122fc003-0651-4ad2-a5c8-a21536defad8
Windows 7 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=3e096468-db6c-45c6-bee5-eaeaa63500b5
Windows Server 2008 R2 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=dc757b6d-f0f8-4e71-ab6f-1417233eedf9
Windows Server 2008 R2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=d5b0b1eb-24f3-47ec-aba1-c1b95400189e
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Joshua Morin, Codenomicon
2) Florian Rienhardt, BSI
4) Hernan Ochoa
ORIGINAL ADVISORY:
MS10-012 (KB971468):
http://www.microsoft.com/technet/security/Bulletin/MS10-012.mspx
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed