======================================================================
                CERT-Renater
        Information Note No. 2012/VULN401
______________________________________________________________________

DATE                 : 10/10/2012

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Windows version 7, Server 2008 running Kerberos.

======================================================================
KB2743555
http://technet.microsoft.com/en-us/security/bulletin/MS12-069
______________________________________________________________________

Microsoft Security Bulletin MS12-069 - Important

Vulnerability in Kerberos Could Allow Denial of Service (2743555)

Published Date: October 9, 2012

Version: 1.0

General Information

Executive Summary

This security update resolves a privately reported vulnerability in
Microsoft Windows. The vulnerability could allow denial of service if a
remote attacker sends a specially crafted session request to the
Kerberos server. Firewall best practices and standard default firewall
configurations can help protect networks from attacks that originate
outside the enterprise perimeter. Best practices recommend that systems
that are connected to the Internet have a minimal number of ports
exposed.

This security update is rated Important for all supported editions of
Windows 7 and Windows Server 2008 R2. For more information, see the
subsection, Affected and Non-Affected Software, in this section.

Affected Software

Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server
Core installation)

Vulnerability Information

Kerberos NULL Dereference Vulnerability - CVE-2012-2551

A denial of service vulnerability exists when the Microsoft Kerberos
implementation fails to properly handle a specially crafted session. An
attacker who successfully exploited this vulnerability could cause the
system to stop responding and restart.

======================================================================

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23 - 25 Rue Daviel  | fax : 01-53-94-20-41            +
+ 75013 Paris         | email: certsvp@renater.fr       +
=========================================================