Microsoft Windows SMB Server Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA38510

VERIFY ADVISORY: http://secunia.com/advisories/38510/

DESCRIPTION: Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct brute force attacks or to cause a DoS (Denial of Service).

1) An input validation error in the processing of SMB requests (Server Message Block) can be exploited to cause a buffer overflow via a specially crafted SMB packet.

Successful exploitation may allow execution of arbitrary code, but requires valid user credentials.

2) A race condition in the processing of SMB packets during the Negotiate phase can be exploited to corrupt memory and cause the system to stop accepting requests via a specially crafted SMB packet.

3) An error when verifying the “share” and “servername” fields in SMB packets can be exploited to cause the system to stop accepting requests via a specially crafted SMB packet.

4) A lack of cryptographic entropy when the SMB server generates challenges during SMB NTLM authentication can be exploited to bypass the authentication mechanism and access SMB network resources by brute forcing a valid authentication token.

SOLUTION: Apply patches.

Microsoft Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?familyid=267ce982-54a0-418f-ad52-e4963610f714

Windows XP SP2/SP3: http://www.microsoft.com/downloads/details.aspx?familyid=8f7adee3-e68e-41b3-b835-d84691774f31

Windows XP Professional x64 Edition SP2: http://www.microsoft.com/downloads/details.aspx?familyid=91ee57f2-81e5-49bd-bdfc-d3e385efc8a5

Windows Server 2003 SP2: http://www.microsoft.com/downloads/details.aspx?familyid=3d18cbc4-ac48-458c-8aa3-90708fd854ff

Windows Server 2003 x64 Edition SP2: http://www.microsoft.com/downloads/details.aspx?familyid=7d63c95e-311a-446f-8852-dffd217a89f6

Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=ee7f8cc4-f7fd-4dc7-808c-436204ee80cb

Windows Vista (optionally with SP1 / SP2): http://www.microsoft.com/downloads/details.aspx?familyid=16494dac-553a-4de9-b751-0d6b51cb43f0

Windows Vista x64 Edition (optionally with SP1 / SP2): http://www.microsoft.com/downloads/details.aspx?familyid=cec582b3-e37f-448e-a5c3-6abdcee9e57c

Windows Server 2008 for 32-bit Systems (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?familyid=597b2310-2cd8-4d0f-8248-781eb8b7450a

Windows Server 2008 for x64-based Systems (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?familyid=67119fb6-e517-46f4-ab0b-2351cdc3d670

Windows Server 2008 for Itanium-based Systems (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?familyid=f90fc0c8-babe-4224-be07-614ea7ddf102

Windows 7 for 32-bit Systems: http://www.microsoft.com/downloads/details.aspx?familyid=122fc003-0651-4ad2-a5c8-a21536defad8

Windows 7 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=3e096468-db6c-45c6-bee5-eaeaa63500b5

Windows Server 2008 R2 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=dc757b6d-f0f8-4e71-ab6f-1417233eedf9

Windows Server 2008 R2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=d5b0b1eb-24f3-47ec-aba1-c1b95400189e

PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Joshua Morin, Codenomicon 2) Florian Rienhardt, BSI 4) Hernan Ochoa

ORIGINAL ADVISORY: MS10-012 (KB971468): http://www.microsoft.com/technet/security/Bulletin/MS10-012.mspx

———————————————————————-

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

———————————————————————-