=====================================================================
                            CERT-Renater

                 Information Note No. 2011/VULN372
_____________________________________________________________________

DATE                 : 11/05/2011

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Windows Server 2003, Windows Server 2008 running WINS.

======================================================================
KB2524426
http://www.microsoft.com/technet/security/bulletin/MS11-035.mspx
______________________________________________________________________

Microsoft Security Bulletin MS11-035 - Critical
Vulnerability in WINS Could Allow Remote Code Execution (2524426)

Published: May 10, 2011
Version: 1.0

General Information

Executive Summary

This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system. Only customers who manually installed this component are affected by this issue.

This security update is rated Critical for servers running supported editions of Windows Server 2003, Windows Server 2008 (except Itanium), and Windows Server 2008 R2 (except Itanium), on which WINS is installed.

Affected Software

  Windows Server 2003 Service Pack 2
  Windows Server 2003 x64 Edition Service Pack 2
  Windows Server 2003 with SP2 for Itanium-based Systems
  Windows Server 2008 for 32-bit Systems
  Windows Server 2008 for 32-bit Systems Service Pack 2*
  Windows Server 2008 for x64-based Systems
  Windows Server 2008 for x64-based Systems Service Pack 2*
  Windows Server 2008 R2 for x64-based Systems
  Windows Server 2008 R2 for x64-based Systems Service Pack 1*

Vulnerability Information

WINS Service Failed Response Vulnerability - CVE-2011-1248

A remote code execution vulnerability exists in the Windows Internet Name Service (WINS) due to insufficient validations for the data structures within specially crafted WINS network packets sent to the WINS service.

To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2011-1248.

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER       | tel : 01-53-94-20-44             +
+ 23 - 25 Rue Daviel | fax : 01-53-94-20-41             +
+ 75013 Paris        | email: certsvp@renater.fr        +
=========================================================