=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2010/VULN290
_____________________________________________________________________

DATE                      : 11/08/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows XP, Windows Server 2003, Windows Vista,
                             Windows Server 2008, Windows 7 running SMB Server.

======================================================================
KB982214
http://www.microsoft.com/technet/security/Bulletin/MS10-054.mspx
______________________________________________________________________

Microsoft Security Bulletin MS10-054 - Critical
Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214)

Version: 1.0

General Information

Executive Summary

  This security update resolves several privately reported vulnerabilities in
  Microsoft Windows. The most severe of these vulnerabilities could allow
  remote code execution if an attacker created a specially crafted SMB packet
  and sent the packet to an affected system. Firewall best practices and
  standard default firewall configurations can help protect networks from
  attacks originating outside the enterprise perimeter that would attempt to
  exploit these vulnerabilities.

  This security update is rated Critical for all supported editions of Windows
  XP and Important for all supported editions of Windows Server 2003, Windows
  Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. For more
  information, see the subsection, Affected and Non-Affected Software, in this
  section.

  The security update addresses these vulnerabilities by correcting the way
  that SMB validates SMB requests. For more information about the
  vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for
  the specific vulnerability entry under the next section, Vulnerability
  Information.

Affected Software

  Windows XP Service Pack 3
  Windows XP Professional x64 Edition Service Pack 2
  Windows Server 2003 Service Pack 2
  Windows Server 2003 x64 Edition Service Pack 2
  Windows Server 2003 with SP2 for Itanium-based Systems
  Windows Vista Service Pack 1 and Windows Vista Service Pack 2
  Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition
    Service Pack 2
  Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit
    Systems Service Pack 2*
  Windows Server 2008 for x64-based Systems and Windows Server 2008 for
    x64-based Systems Service Pack 2*
  Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for
    Itanium-based Systems Service Pack 2
  Windows 7 for 32-bit Systems
  Windows 7 for x64-based Systems
  Windows Server 2008 R2 for x64-based Systems*
  Windows Server 2008 R2 for Itanium-based Systems

Vulnerability Information

SMB Pool Overflow Vulnerability - CVE-2010-2550

  An unauthenticated remote code execution vulnerability exists in the way that
  Microsoft Server Message Block (SMB) Protocol software handles specially
  crafted SMB packets. An attempt to exploit the vulnerability would not
  require authentication, allowing an attacker to exploit the vulnerability by
  sending a specially crafted network message to a computer running the Server
  service. An attacker who successfully exploited this vulnerability could take
  complete control of the system.

SMB Variable Validation Vulnerability - CVE-2010-2551

  A denial of service vulnerability exists in the way that Microsoft Server
  Message Block (SMB) Protocol software handles specially crafted SMB packets.
  An attempt to exploit the vulnerability would not require authentication,
  allowing an attacker to exploit the vulnerability by sending a specially
  crafted network message to a computer running the Server service.

SMB Stack Exhaustion Vulnerability - CVE-2010-2552

  A denial of service vulnerability exists in the way that Microsoft Server
  Message Block (SMB) Protocol software handles specially crafted SMB
  compounded requests. An attempt to exploit the vulnerability would not
  require authentication, allowing an attacker to exploit the vulnerability by
  sending a specially crafted network message to a computer running the Server
  service.

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================