TITLE:
Microsoft Windows SMB Server Multiple Vulnerabilities

Less critical
Impact: Brute force, DoS, System access
Where: From local network

SECUNIA ADVISORY ID:
SA38510

VERIFY ADVISORY:
http://secunia.com/advisories/38510/

DESCRIPTION:
Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct brute force attacks or to cause a DoS (Denial of Service).

1) An input validation error in the processing of SMB (Server Message Block) requests can be exploited to cause a buffer overflow via a specially crafted SMB packet. Successful exploitation may allow execution of arbitrary code, but requires valid user credentials.

2) A race condition in the processing of SMB packets during the Negotiate phase can be exploited to corrupt memory and cause the system to stop accepting requests via a specially crafted SMB packet.

3) An error when verifying the "share" and "servername" fields in SMB packets can be exploited to cause the system to stop accepting requests via a specially crafted SMB packet.

4) A lack of cryptographic entropy when the SMB server generates challenges during SMB NTLM authentication can be exploited to bypass the authentication mechanism and access SMB network resources by brute forcing a valid authentication token.

SOLUTION:
Apply patches.

Microsoft Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=267ce982-54a0-418f-ad52-e4963610f714

Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=8f7adee3-e68e-41b3-b835-d84691774f31

Windows XP Professional x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=91ee57f2-81e5-49bd-bdfc-d3e385efc8a5

Windows Server 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=3d18cbc4-ac48-458c-8aa3-90708fd854ff

Windows Server 2003 x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=7d63c95e-311a-446f-8852-dffd217a89f6

Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=ee7f8cc4-f7fd-4dc7-808c-436204ee80cb

Windows Vista (optionally with SP1 / SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=16494dac-553a-4de9-b751-0d6b51cb43f0

Windows Vista x64 Edition (optionally with SP1 / SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=cec582b3-e37f-448e-a5c3-6abdcee9e57c

Windows Server 2008 for 32-bit Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=597b2310-2cd8-4d0f-8248-781eb8b7450a

Windows Server 2008 for x64-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=67119fb6-e517-46f4-ab0b-2351cdc3d670

Windows Server 2008 for Itanium-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=f90fc0c8-babe-4224-be07-614ea7ddf102

Windows 7 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=122fc003-0651-4ad2-a5c8-a21536defad8

Windows 7 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=3e096468-db6c-45c6-bee5-eaeaa63500b5

Windows Server 2008 R2 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=dc757b6d-f0f8-4e71-ab6f-1417233eedf9

Windows Server 2008 R2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=d5b0b1eb-24f3-47ec-aba1-c1b95400189e

ORIGINAL ADVISORY:
MS10-012 (KB971468):
http://www.microsoft.com/technet/security/Bulletin/MS10-012.mspx