=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2006/VULN330
_____________________________________________________________________

DATE                      : 14/06/2006

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows 2000, Windows XP, Windows Server 2003.

======================================================================

MS06-030 - Vulnerability in Server Message Block Could
Allow Elevation of Privilege (914389)

Affected Software:
	- Microsoft Windows 2000 Service Pack 4
	- Microsoft Windows XP Service Pack 1
	  and Microsoft Windows XP Service Pack 2
	- Microsoft Windows XP Professional x64 Edition
	- Microsoft Windows Server 2003
	  and Microsoft Windows Server 2003 Service Pack 1
	- Microsoft Windows Server 2003 for Itanium-based Systems
	  and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
	- Microsoft Windows Server 2003 x64 Edition

Non-Affected Software:
	- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE),
	  and Microsoft Windows Millennium Edition (Me)

Full MS06-030 advisory:
http://www.microsoft.com/technet/security/bulletin/ms06-030.mspx

Vulnerability Details

SMB Driver Elevation of Privilege Vulnerability - CVE-2006-2373

	There is an elevation of privilege vulnerability in Server Message
	Block (SMB) that could allow an attacker who successfully exploited
	this vulnerability to take complete control of the affected system.

SMB Invalid Handle Vulnerability - CVE-2006-2374

	There is denial of service vulnerability in Server Message Block (SMB)
	that could allow an attacker who successfully exploited this
	vulnerability to cause an affected system to stop responding.

======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================