[SA39372] Microsoft Windows SMB Client Multiple Vulnerabilities

From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Tue Apr 13 2010 - 23:16:41 CDT


----------------------------------------------------------------------

TITLE:
Microsoft Windows SMB Client Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA39372

VERIFY ADVISORY:
http://secunia.com/advisories/39372/

DESCRIPTION:
Some vulnerabilities have been reported in Microsoft Windows, which
can be exploited by malicious people to compromise a user's system.

1) A memory allocation error exists in the Microsoft Server Message
Block (SMB) client implementation when parsing SMB responses.

2) An error in the Microsoft Server Message Block (SMB) client
implementation within the handling of SMB transaction responses can
be exploited to corrupt memory via a specially crafted SMB
transaction response.

3) An error in the Microsoft Server Message Block (SMB) client
implementation when parsing SMB transaction responses can be
exploited to corrupt memory via a specially crafted SMB transaction
response.

4) An error exists in the Microsoft Server Message Block (SMB) client
implementation when handling SMB responses.

Successful exploitation of these vulnerabilities allows execution of
arbitrary code, but requires that a user be tricked into connecting
to a malicious SMB server, e.g. via a specially crafted web site.
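As an added illustration of the bug class the description points at (an SMB client trusting the counts and offsets a server supplies in a transaction response), and not code from Secunia, Microsoft or the patched implementation: a hypothetical hardened parser for an SMB_COM_TRANSACTION response that checks every server-controlled count and offset against the bytes actually received before using them. It follows the SMB1 wire layout for that command; it is not the specific defect fixed by MS10-020, and the sample packet is constructed here.

```python
import struct

SMB_MAGIC = b"\xffSMB"
SMB_COM_TRANSACTION = 0x25
SMB_HEADER_LEN = 32

def parse_transaction_response(pkt: bytes) -> dict:
    """Parse an SMB_COM_TRANSACTION response, rejecting server-supplied counts
    or offsets that do not fit inside the bytes actually received."""
    if len(pkt) < SMB_HEADER_LEN + 1 or pkt[:4] != SMB_MAGIC:
        raise ValueError("not an SMB1 packet")
    if pkt[4] != SMB_COM_TRANSACTION:
        raise ValueError("not a transaction response")
    word_count = pkt[SMB_HEADER_LEN]
    words_start, words_end = SMB_HEADER_LEN + 1, SMB_HEADER_LEN + 1 + 2 * word_count
    if word_count < 10 or words_end + 2 > len(pkt):
        raise ValueError("parameter words truncated or exceed packet")
    (total_param, total_data, _, param_count, param_off, param_disp, data_count,
     data_off, data_disp, setup_count, _) = struct.unpack_from("<9HBB", pkt, words_start)
    if word_count != 10 + setup_count:
        raise ValueError("WordCount disagrees with SetupCount")
    body_start = words_end + 2
    byte_count = struct.unpack_from("<H", pkt, words_end)[0]
    if body_start + byte_count > len(pkt):
        raise ValueError("ByteCount exceeds packet")
    # Offsets are relative to the SMB header. Check each region against the
    # received bytes, and its displacement against the advertised total,
    # before anything is copied into a reassembly buffer sized from that total.
    for name, off, cnt, disp, total in (
            ("parameter", param_off, param_count, param_disp, total_param),
            ("data", data_off, data_count, data_disp, total_data)):
        if off < body_start or off + cnt > body_start + byte_count:
            raise ValueError(f"{name} region lies outside the byte block")
        if disp + cnt > total:
            raise ValueError(f"{name} displacement exceeds advertised total")
    return {"parameters": pkt[param_off:param_off + param_count],
            "data": pkt[data_off:data_off + data_count]}

def build_response(params: bytes, data: bytes, data_count=None) -> bytes:
    """Constructed sample response; data_count lets a caller forge a DataCount
    that disagrees with the bytes actually sent (the crafted-response case)."""
    header = SMB_MAGIC + bytes([SMB_COM_TRANSACTION]) + b"\x00" * 27
    param_off = SMB_HEADER_LEN + 1 + 20 + 2   # past WordCount, 10 words, ByteCount
    data_off = param_off + len(params)
    words = struct.pack("<9HBB", len(params), len(data), 0, len(params), param_off, 0,
                        len(data) if data_count is None else data_count, data_off, 0, 0, 0)
    return (header + bytes([10]) + words
            + struct.pack("<H", len(params) + len(data)) + params + data)
```

A well-formed response parses cleanly, while one whose DataCount exceeds the bytes on the wire is rejected before any copy is attempted.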

SOLUTION:
Apply patches.

Microsoft Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=67CCAC04-E5C8-4381-9D1A-9B676DD516A6

Windows XP SP2 / SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=DEC38C02-3D4A-41C5-8954-E57F56B8FA5B

Windows XP Professional x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=C5A21239-A9A3-4EC5-9DE8-7D2FC16FC6B8

Windows Server 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=1189304F-D626-426D-960C-A86DC2D2B528

Windows Server 2003 x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=52E4F66B-B76C-46A1-AEFF-74EFA21FC743

Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=B2B6D8B1-63CC-459C-B5FA-1355386273C8

Windows Vista (optionally with SP1 / SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=25EEAEB3-C0A3-4A02-9912-ACD0342648BA

Windows Vista x64 Edition (optionally with SP1 / SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=394C1CAA-97E4-47A3-9AAC-A4A88508BD31

Windows Server 2008 for 32-bit Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=51C9C420-4507-4911-A8F5-82331A696882

Windows Server 2008 for x64-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=61C26A1F-C885-4474-9843-204C41628889

Windows Server 2008 for Itanium-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=BCF8B919-08A9-487F-8DFD-3CA24328C4F3

Windows 7 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=389184C5-9001-497D-BDF4-81F97ECB617F

Windows 7 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=F3495DAE-71F3-421D-A191-D26965F26AD1

Windows Server 2008 R2 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=CD1A046E-915D-4904-B753-5A24BE10C504

Windows Server 2008 R2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=541E9E2F-EC1D-42B2-AAE5-481C0D435169

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Mark Rabinovich of Visuality Systems Ltd.
2-4) Laurent Gaffié of stratsec

ORIGINAL ADVISORY:
MS10-020 (KB980232):
http://www.microsoft.com/technet/security/Bulletin/MS10-020.mspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise installing third-party patches; use only
those supplied by the vendor.

----------------------------------------------------------------------