----------------------------------------------------------------------

TITLE:
Microsoft Windows SMB Client Implementation Vulnerabilities

SECUNIA ADVISORY ID:
SA38500

VERIFY ADVISORY:
http://secunia.com/advisories/38500/

DESCRIPTION:
Two vulnerabilities have been reported in Microsoft Windows, which can
be exploited by malicious, local users to gain escalated privileges
and by malicious people to compromise a user's system.

1) An error exists in the Server Message Block (SMB) client-side
implementation when processing certain packet fields. This can be
exploited to corrupt memory and potentially execute arbitrary code via
a specially crafted SMB response sent by a malicious server.

2) A race condition exists in the SMB client-side implementation when
processing "Negotiate" packets. This can be exploited to potentially
execute arbitrary code via a specially crafted SMB response sent by a
malicious server.

NOTE: This vulnerability can only be exploited to cause a crash or
gain escalated privileges on Windows Vista and Windows Server 2008
platforms.

Successful exploitation of the vulnerabilities requires that the user
is tricked into manually connecting to a malicious SMB server or into
visiting a malicious website.

SOLUTION:
Apply patches.

Microsoft Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=80b49bab-6c2f-48a8-a901-ca3f76e4fe6b

Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=f6c4472e-385c-4412-bda9-c2e615e50713

Windows XP Professional x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=63e15ff0-73b3-46c9-96f8-c18977d35a10

Windows Server 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=feb8c145-7c30-45fa-a6f0-8b6453ddd521

Windows Server 2003 x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=36d88c1b-814c-4371-9ed2-d4576f419fc3

Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=622442b0-cffe-4fc2-94a8-edff9d71ecd3

Windows Vista and Windows Vista SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=1902fc93-0f4b-4261-9da3-17d1931daf2e

Windows Vista SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=1902fc93-0f4b-4261-9da3-17d1931daf2e

Windows Vista x64 Edition and Windows Vista x64 Edition SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=7c2f89b5-a3b3-42cd-857d-923fe8b8f1da

Windows Vista x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=7c2f89b5-a3b3-42cd-857d-923fe8b8f1da

Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=09e19263-18ba-495e-bcf7-719e957204a7

Windows Server 2008 for 32-bit Systems SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=09e19263-18ba-495e-bcf7-719e957204a7

Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=180c2313-5e3e-4d84-87cd-64048f51e0f6

Windows Server 2008 for x64-based Systems SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=180c2313-5e3e-4d84-87cd-64048f51e0f6

Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=614eaf7e-95aa-4f8f-910c-1980e1f14d11

Windows Server 2008 for Itanium-based Systems SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=614eaf7e-95aa-4f8f-910c-1980e1f14d11

Windows 7 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=a589431a-93dc-42cd-a74e-d9c1e3452fef

Windows 7 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=3c1edcf8-d304-45c4-9818-1cd86383b3fe

Windows Server 2008 R2 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=ecb06350-47a7-48eb-825f-3e8f89c5ca8e

Windows Server 2008 R2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=badd6cab-7738-4401-a68c-c15414388601

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Laurent Gaffié of stratsec.

CHANGELOG:
2010-02-10: Added additional information provided by stratsec.

ORIGINAL ADVISORY:
Microsoft (KB978251):
http://www.microsoft.com/technet/security/Bulletin/MS10-006.mspx

stratsec:
http://www.stratsec.net/files/SS-2010-003-stratsec-Microsoft-SMB-Heap-Overflow-Security-Advisory-v1.0.pdf

----------------------------------------------------------------------