---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Microsoft Windows Workstation Service Memory Corruption SECUNIA ADVISORY ID: SA36220 VERIFY ADVISORY: http://secunia.com/advisories/36220/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to a double free error in the Windows Workstation Service when processing RPC requests. This can be exploited to trigger a memory corruption via a specially crafted RPC request sent to an affected system. Successful exploitation may allow execution of arbitrary code. SOLUTION: Apply patches. Windows XP SP2/SP3: http://www.microsoft.com/downloads/details.aspx?familyid=9c0e5bff-c248-4e87-a83b-82ba52f5299d Windows XP Professional x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=7b64a454-d383-47e3-b469-b87e2b3c1a9f Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=9cb0477f-0656-47f5-bd35-5716e0572fbd Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=96fbf65f-1db2-432d-92a0-6669d8abaeb0 Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=11321f48-8997-4b99-982a-3ba4ad3f5992 Windows Vista (optionally with Service Pack 1 or Service Pack 2): http://www.microsoft.com/downloads/details.aspx?familyid=979ac9da-940f-49e7-91a2-b12db3708076 Windows Vista x64 Edition (optionally with Service Pack 1 or Service Pack 2): http://www.microsoft.com/downloads/details.aspx?familyid=b9aa04cc-a5c5-47ae-bf0f-250cff275d26 Windows Server 2008 for 32-bit Systems (optionally with Service Pack 2): http://www.microsoft.com/downloads/details.aspx?familyid=24c77c27-0b7d-4a35-a871-b453f90e5913 Windows Server 2008 for x64-based Systems (optionally with Service Pack 2): http://www.microsoft.com/downloads/details.aspx?familyid=48d0432e-704a-4bbb-b0a1-cd14069a8e93 Windows Server 2008 for Itanium-based Systems (optionally with Service Pack 2): http://www.microsoft.com/downloads/details.aspx?familyid=c119223c-f4e0-449b-8e7b-a6bf11c98f94 PROVIDED AND/OR DISCOVERED BY: The vendor credits Cody Pierce of TippingPoint DVLabs. ORIGINAL ADVISORY: MS09-041 (KB971657): http://www.microsoft.com/technet/security/Bulletin/MS09-041.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------