=====================================================================
                                   CERT-Renater

                        Information Note No. 2008/VULN505
_____________________________________________________________________

DATE                      : 12/11/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows running Microsoft SMB Protocol.

======================================================================
KB957097
http://www.microsoft.com/technet/security/bulletin/ms08-068.mspx
______________________________________________________________________

Microsoft Security Bulletin MS08-068 - Important

Vulnerability in SMB Could Allow Remote Code Execution (957097)

   Published: November 11, 2008

   Version: 1.0

General Information

Executive Summary

   This security update resolves a publicly disclosed vulnerability in
   Microsoft Server Message Block (SMB) Protocol. The vulnerability could
   allow remote code execution on affected systems. An attacker who
   successfully exploited this vulnerability could install programs; view,
   change, or delete data; or create new accounts with full user rights.

   This security update is rated Important for all supported editions of
   Microsoft Windows 2000, Windows XP, and Windows Server 2003, and Moderate
   for all supported editions of Windows Vista and Windows Server 2008.

   The security update addresses the vulnerability by modifying the way that
   SMB authentication replies are validated to prevent the replay of
   credentials.

   Recommendation. Microsoft recommends that customers apply the update at
   the earliest opportunity.


Affected Software

   o Microsoft Windows 2000 Service Pack 4
   o Windows XP Service Pack 2
   o Windows XP Service Pack 3
   o Windows XP Professional x64 Edition and Windows XP Professional x64
     Edition Service Pack 2
   o Windows Server 2003 Service Pack 1 and Windows Server 2003 Service
     Pack 2
   o Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
     Service Pack 2
   o Windows Server 2003 with SP1 for Itanium-based Systems and Windows
     Server 2003 with SP2 for Itanium-based Systems
   o Windows Vista and Windows Vista Service Pack 1
   o Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
   o Windows Server 2008 for 32-bit Systems*
   o Windows Server 2008 for x64-based Systems*
   o Windows Server 2008 for Itanium-based Systems

   *Windows Server 2008 Server Core installation not affected

Vulnerability Information

SMB Credential Reflection Vulnerability - CVE-2008-4037

A remote code execution vulnerability exists in the way that Microsoft
Server Message Block (SMB) Protocol handles NTLM credentials when a user
connects to an attacker's SMB server. This vulnerability allows an
attacker to replay the user's credentials back to them and execute code in
the context of the logged-on user. If a user is logged on with
administrative user rights, an attacker who successfully exploited this
vulnerability could take complete control of an affected system.
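
A simplified model of the credential reflection described above, and of one check that stops it, added here as an illustration; it is not code from Microsoft or CERT-Renater. The Host class, the HMAC-based response and the "refuse a challenge this host issued itself" check are assumptions chosen to show the idea, not the real NTLM computation or the logic of the update.

```python
import hashlib
import hmac
import os


class Host:
    """Toy host acting as both client and server of a challenge-response login."""

    def __init__(self, secret: bytes, reject_own_challenges: bool):
        self.secret = secret                    # stands in for the user's credential
        self.reject_own_challenges = reject_own_challenges
        self.outstanding = set()                # challenges issued in the server role

    def issue_challenge(self) -> bytes:         # server role
        challenge = os.urandom(8)
        self.outstanding.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:  # server role
        if challenge not in self.outstanding:
            return False
        self.outstanding.discard(challenge)     # each challenge is single use
        expected = hmac.new(self.secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

    def respond(self, challenge: bytes):        # client role
        # Hardened check: our own pending challenge coming back means reflection.
        if self.reject_own_challenges and challenge in self.outstanding:
            return None
        return hmac.new(self.secret, challenge, hashlib.sha256).digest()


def reflection_accepted(host: Host) -> bool:
    """The remote server returns the host's own challenge and replays its answer."""
    challenge = host.issue_challenge()
    response = host.respond(challenge)
    return response is not None and host.verify(challenge, response)


def normal_login_accepted(client: Host, server: Host) -> bool:
    """A login to a different machine must keep working with the check enabled."""
    challenge = server.issue_challenge()
    response = client.respond(challenge)
    return response is not None and server.verify(challenge, response)


if __name__ == "__main__":
    print("unhardened host accepts reflection:", reflection_accepted(Host(b"k", False)))
    print("hardened host accepts reflection:  ", reflection_accepted(Host(b"k", True)))
```

The response proves knowledge of the secret but is not bound to the peer that asked for it, which is why the unhardened host accepts its own answer.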

======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================




