TITLE:
Microsoft Windows SMB Client Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA39372

VERIFY ADVISORY:
http://secunia.com/advisories/39372/

DESCRIPTION:
Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

1) A memory allocation error exists in the Microsoft Server Message Block (SMB) client implementation when parsing SMB responses.

2) An error in the Microsoft Server Message Block (SMB) client implementation within the handling of SMB transaction responses can be exploited to corrupt memory via a specially crafted SMB transaction response.

3) An error in the Microsoft Server Message Block (SMB) client implementation when parsing SMB transaction responses can be exploited to corrupt memory via a specially crafted SMB transaction response.

4) An error exists in the Microsoft Server Message Block (SMB) client implementation when handling SMB responses.

Successful exploitation of these vulnerabilities allows execution of arbitrary code, but requires that a user is tricked into connecting to a malicious SMB server, e.g. via a specially crafted web site.

SOLUTION:
Apply patches.

Microsoft Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=67CCAC04-E5C8-4381-9D1A-9B676DD516A6

Windows XP SP2 / SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=DEC38C02-3D4A-41C5-8954-E57F56B8FA5B

Windows XP Professional x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=C5A21239-A9A3-4EC5-9DE8-7D2FC16FC6B8

Windows Server 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=1189304F-D626-426D-960C-A86DC2D2B528

Windows Server 2003 x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=52E4F66B-B76C-46A1-AEFF-74EFA21FC743

Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=B2B6D8B1-63CC-459C-B5FA-1355386273C8

Windows Vista (optionally with SP1 / SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=25EEAEB3-C0A3-4A02-9912-ACD0342648BA

Windows Vista x64 Edition (optionally with SP1 / SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=394C1CAA-97E4-47A3-9AAC-A4A88508BD31

Windows Server 2008 for 32-bit Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=51C9C420-4507-4911-A8F5-82331A696882

Windows Server 2008 for x64-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=61C26A1F-C885-4474-9843-204C41628889

Windows Server 2008 for Itanium-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=BCF8B919-08A9-487F-8DFD-3CA24328C4F3

Windows 7 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=389184C5-9001-497D-BDF4-81F97ECB617F

Windows 7 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=F3495DAE-71F3-421D-A191-D26965F26AD1

Windows Server 2008 R2 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=CD1A046E-915D-4904-B753-5A24BE10C504

Windows Server 2008 R2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=541E9E2F-EC1D-42B2-AAE5-481C0D435169

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Mark Rabinovich of Visuality Systems Ltd.
2-4) Laurent Gaffié of stratsec

ORIGINAL ADVISORY:
MS10-020 (KB980232):
http://www.microsoft.com/technet/security/Bulletin/MS10-020.mspx