---------------------------------------------------------------------- Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/ ---------------------------------------------------------------------- TITLE: Microsoft Windows SMB Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA38510 VERIFY ADVISORY: http://secunia.com/advisories/38510/ DESCRIPTION: Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct brute force attacks or to cause a DoS (Denial of Service). 1) An input validation error in the processing of SMB requests (Server Message Block) can be exploited to cause a buffer overflow via a specially crafted SMB packet. Successful exploitation may allow execution of arbitrary code, but requires valid user credentials. 2) A race condition in the processing of SMB packets during the Negotiate phase can be exploited to corrupt memory and cause the system to stop accepting requests via a specially crafted SMB packet. 3) An error when verifying the "share" and "servername" fields in SMB packets can be exploited to cause the system to stop accepting requests via a specially crafted SMB packet. 4) A lack of cryptographic entropy when the SMB server generates challenges during SMB NTLM authentication can be exploited to bypass the authentication mechanism and access SMB network resources by brute forcing a valid authentication token. SOLUTION: Apply patches. Microsoft Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?familyid=267ce982-54a0-418f-ad52-e4963610f714 Windows XP SP2/SP3: http://www.microsoft.com/downloads/details.aspx?familyid=8f7adee3-e68e-41b3-b835-d84691774f31 Windows XP Professional x64 Edition SP2: http://www.microsoft.com/downloads/details.aspx?familyid=91ee57f2-81e5-49bd-bdfc-d3e385efc8a5 Windows Server 2003 SP2: http://www.microsoft.com/downloads/details.aspx?familyid=3d18cbc4-ac48-458c-8aa3-90708fd854ff Windows Server 2003 x64 Edition SP2: http://www.microsoft.com/downloads/details.aspx?familyid=7d63c95e-311a-446f-8852-dffd217a89f6 Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=ee7f8cc4-f7fd-4dc7-808c-436204ee80cb Windows Vista (optionally with SP1 / SP2): http://www.microsoft.com/downloads/details.aspx?familyid=16494dac-553a-4de9-b751-0d6b51cb43f0 Windows Vista x64 Edition (optionally with SP1 / SP2): http://www.microsoft.com/downloads/details.aspx?familyid=cec582b3-e37f-448e-a5c3-6abdcee9e57c Windows Server 2008 for 32-bit Systems (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?familyid=597b2310-2cd8-4d0f-8248-781eb8b7450a Windows Server 2008 for x64-based Systems (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?familyid=67119fb6-e517-46f4-ab0b-2351cdc3d670 Windows Server 2008 for Itanium-based Systems (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?familyid=f90fc0c8-babe-4224-be07-614ea7ddf102 Windows 7 for 32-bit Systems: http://www.microsoft.com/downloads/details.aspx?familyid=122fc003-0651-4ad2-a5c8-a21536defad8 Windows 7 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=3e096468-db6c-45c6-bee5-eaeaa63500b5 Windows Server 2008 R2 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=dc757b6d-f0f8-4e71-ab6f-1417233eedf9 Windows Server 2008 R2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=d5b0b1eb-24f3-47ec-aba1-c1b95400189e PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Joshua Morin, Codenomicon 2) Florian Rienhardt, BSI 4) Hernan Ochoa ORIGINAL ADVISORY: MS10-012 (KB971468): http://www.microsoft.com/technet/security/Bulletin/MS10-012.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------