Microsoft Windows SMB Server Multiple Vulnerabilities ( 11 August 2010 )

Last Update Date: 28 Jan 2011 Release Date: 11 Aug 2010 4289 Views

RISK: Medium Risk

1. SMB Pool Overflow Vulnerability

An unauthenticated remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB packets. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted network message to a computer running the Server service. An attacker who successfully exploited this vulnerability could take complete control of the system.

2. SMB Variable Validation Vulnerability

A denial of service vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB packets. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted network message to a computer running the Server service.

3. SMB Stack Exhaustion Vulnerability

A denial of service vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB compounded requests. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted network message to a computer running the Server service.

Impact

Elevation of Privilege
Remote Code Execution

System / Technologies affected

Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch

Microsoft Windows SMB Server Multiple Vulnerabilities ( 11 August 2010 )

Impact

System / Technologies affected

Solutions

Vulnerability Identifier

Source

Related Link