=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2009/VULN015
_____________________________________________________________________

DATE                      : 14/01/2009

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows 2000, Windows XP, Windows Server 2003,
                              Windows Vista, Windows Server 2008.

======================================================================
http://www.microsoft.com/technet/security/Bulletin/MS09-001.mspx
______________________________________________________________________

Microsoft Security Bulletin MS09-001 - Critical

Vulnerabilities in SMB Could Allow Remote Code Execution (958687)

   Published: January 13, 2009

   Version: 1.0

General Information

Executive Summary

   This security update resolves two privately reported vulnerabilities and
   one publicly disclosed vulnerability in Microsoft Server Message Block
   (SMB) Protocol. The vulnerabilities could allow remote code execution on
   affected systems. An attacker who successfully exploited these
   vulnerabilities could install programs; view, change, or delete data; or
   create new accounts with full user rights. Firewall best practices and
   standard default firewall configurations can help protect networks from
   attacks that originate outside the enterprise perimeter. Best practices
   recommend that systems that are connected to the Internet have a minimal
   number of ports exposed.

   This security update is rated Critical for all supported editions of
   Microsoft Windows 2000, Windows XP, and Windows Server 2003, and Moderate
   for all supported editions of Windows Vista, and Windows Server 2008.

   The security update addresses the vulnerabilities by validating the fields
   inside the SMB packets.

   Recommendation. Microsoft recommends that customers apply the update
   immediately.

Affected Software

   Microsoft Windows 2000 Service Pack 4
   Windows XP Service Pack 2 and Windows XP Service Pack 3
   Windows XP Professional x64 Edition and Windows XP Professional x64
     Edition Service Pack 2
   Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
   Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
     Service Pack 2
   Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server
     2003 with SP2 for Itanium-based Systems
   Windows Vista and Windows Vista Service Pack 1
   Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
   Windows Server 2008 for 32-bit Systems*
   Windows Server 2008 for x64-based Systems*
   Windows Server 2008 for Itanium-based Systems

   *Windows Server 2008 server core installation affected.

Vulnerability Information

SMB Validation Denial of Service Vulnerability - CVE-2008-4114

   A denial of service vulnerability exists in the way that Microsoft
   Server Message Block (SMB) Protocol software handles specially crafted
   SMB packets. An attempt to exploit the vulnerability would not require
   authentication, allowing an attacker to exploit the vulnerability by
   sending a specially crafted network message to a computer running the
   Server service. An attacker who successfully exploited this vulnerability
   could cause the computer to stop responding and restart.

SMB Buffer Overflow Remote Code Execution Vulnerability - CVE-2008-4834

   An unauthenticated remote code execution vulnerability exists in the way
   that Microsoft Server Message Block (SMB) Protocol software handles
   specially crafted SMB packets. An attempt to exploit the vulnerability
   would not require authentication, allowing an attacker to exploit the
   vulnerability by sending a specially crafted network message to a
   computer running the Server service. An attacker who successfully
   exploited this vulnerability could take complete control of the system.
   Most attempts to exploit this vulnerability would result in a system
   denial of service condition, however remote code execution is
   theoretically possible.

SMB Validation Remote Code Execution Vulnerability - CVE-2008-4835

   An unauthenticated remote code execution vulnerability exists in the way
   that Microsoft Server Message Block (SMB) Protocol software handles
   specially crafted SMB packets. An attempt to exploit the vulnerability
   would not require authentication, allowing an attacker to exploit the
   vulnerability by sending a specially crafted network message to a
   computer running the Server service. An attacker who successfully
   exploited this vulnerability could cause the attacker to take complete
   control of the system. Most attempts to exploit this vulnerability would
   result in a system denial of service condition, however remote code
   execution is theoretically possible.

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================