Windows Vista and Windows Server 2008 SMBv2 Remote Code Execution
15 Oct. 2009
Summary
Server Message Block Version 2 (SMBv2) could allow remote code execution if an attacker sent a specially crafted SMB packet to a Windows Vista or Windows Server 2008 computer running the Server service.
Vulnerable Systems:
* Windows Vista
* Windows Vista x64 Edition
* Windows Server 2008
* Windows Server 2008 for x64-based Systems
* Windows Server 2008 for Itanium-based Systems
Immune Systems:
* Windows Server 2008 R2 for x64-based Systems
* Windows Server 2008 R2 for Itanium-based Systems
This security update resolves one publicly disclosed and two privately reported vulnerabilities in Server Message Block Version 2 (SMBv2). The most severe of the vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB packet to a computer running the Server service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
This security update is rated Critical for supported editions of Windows Vista and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses the vulnerabilities by correctly validating the fields inside the SMBv2 packets, correcting the way that SMB handles the command value in SMB packets, and correcting the way that SMB parses specially crafted SMB packets. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
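The kind of field validation this paragraph describes, as an added C example that is not part of the original bulletin and is not Microsoft's fix: it checks the length, protocol magic, structure size and command value of an untrusted SMB2 header before any handler is selected. The field offsets and the highest defined command value (0x0012) are assumptions taken from the public MS-SMB2 specification, and the function and enum names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SMB2 header layout per the public MS-SMB2 specification
   (assumption: these constants are not stated in the bulletin). */
#define SMB2_HDR_SIZE   64u
#define SMB2_CMD_OFFSET 12u
#define SMB2_CMD_MAX    0x0012u  /* OPLOCK_BREAK, highest defined command */

enum smb2_check {
    SMB2_OK = 0, SMB2_TOO_SHORT, SMB2_BAD_MAGIC,
    SMB2_BAD_STRUCT_SIZE, SMB2_BAD_COMMAND
};

/* Read a little-endian 16-bit field byte by byte (no unaligned access). */
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Validate an untrusted buffer before a handler is chosen.
   On success *cmd holds a value that is safe to use as a table index. */
enum smb2_check smb2_validate_header(const uint8_t *buf, size_t len, uint16_t *cmd)
{
    static const uint8_t magic[4] = { 0xFE, 'S', 'M', 'B' };

    if (buf == NULL || cmd == NULL || len < SMB2_HDR_SIZE)
        return SMB2_TOO_SHORT;
    if (memcmp(buf, magic, sizeof magic) != 0)
        return SMB2_BAD_MAGIC;
    if (le16(buf + 4) != SMB2_HDR_SIZE)        /* StructureSize field */
        return SMB2_BAD_STRUCT_SIZE;

    uint16_t c = le16(buf + SMB2_CMD_OFFSET);
    if (c > SMB2_CMD_MAX)                      /* reject before any dispatch */
        return SMB2_BAD_COMMAND;

    *cmd = c;
    return SMB2_OK;
}

int main(void)
{
    /* Constructed sample: a zeroed header with magic and StructureSize set. */
    uint8_t pkt[SMB2_HDR_SIZE] = { 0xFE, 'S', 'M', 'B', 64, 0 };
    uint16_t cmd = 0;
    printf("valid header   -> %d\n", smb2_validate_header(pkt, sizeof pkt, &cmd));
    pkt[SMB2_CMD_OFFSET] = 0x13;               /* one past the last command */
    printf("bad command    -> %d\n", smb2_validate_header(pkt, sizeof pkt, &cmd));
    return 0;
}
```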