Test Kennung:	1.3.6.1.4.1.25623.1.0.900965
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft Windows SMB2 Negotiation Protocol Remote Code Execution Vulnerability
Zusammenfassung:	This host is missing a critical security update according to; Microsoft Bulletin MS09-050.
Beschreibung:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-050. Vulnerability Insight: The following vulnerabilities exist: - A denial of service vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB version 2 (SMBv2) packets. - Unauthenticated remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB packets. Vulnerability Impact: An attacker can exploit this issue to execute code with SYSTEM-level privileges. Failed exploit attempts will likely cause denial-of-service conditions. Affected Software/OS: - Microsoft Windows 7 RC - Microsoft Windows Vista - Microsoft Windows 2008 Server Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	BugTraq ID: 36299 Common Vulnerability Exposure (CVE) ID: CVE-2009-2526 Cert/CC Advisory: TA09-286A http://www.us-cert.gov/cas/techalerts/TA09-286A.html Microsoft Security Bulletin: MS09-050 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5595 Common Vulnerability Exposure (CVE) ID: CVE-2009-2532 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6336 Common Vulnerability Exposure (CVE) ID: CVE-2009-3103 http://www.securityfocus.com/bid/36299 Bugtraq: 20090908 Regarding Microsoft srv2.sys SMB2.0 NEGOTIATE BSOD (Google Search) http://www.securityfocus.com/archive/1/506300/100/0/threaded Bugtraq: 20090909 SMB SRV2.SYS Denial of Service PoC (Google Search) http://www.securityfocus.com/archive/1/506327/100/0/threaded CERT/CC vulnerability note: VU#135940 http://www.kb.cert.org/vuls/id/135940 http://www.exploit-db.com/exploits/9594 http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.html http://blog.48bits.com/?p=510 http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html http://isc.sans.org/diary.html?storyid=7093 http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1 http://osvdb.org/57799 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489 http://www.securitytracker.com/id?1022848 http://secunia.com/advisories/36623 XForce ISS Database: win-srv2sys-code-execution(53090) https://exchange.xforce.ibmcloud.com/vulnerabilities/53090
Copyright	Copyright (C) 2009 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.