=====================================================================
                          CERT-Renater
               Information Note No. 2013/VULN054
_____________________________________________________________________

DATE                 : 13/02/2013

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Windows version Server 2008, Server 2012
                       running NFS Server.

======================================================================
KB2790978
https://technet.microsoft.com/en-us/security/bulletin/ms13-014
______________________________________________________________________

Microsoft Security Bulletin MS13-014 - Important

Vulnerability in NFS Server Could Allow Denial of Service (2790978)

Published Date: February 12, 2013
Version: 1.0

General Information

Executive Summary

This security update resolves a privately reported vulnerability in
Microsoft Windows. The vulnerability could allow denial of service if
an attacker attempts a file operation on a read-only share. An attacker
who exploited this vulnerability could cause the affected system to
stop responding and restart. The vulnerability only affects Windows
servers with the NFS role enabled.

This security update is rated Important for all supported editions of
Windows Server 2008 R2 and Windows Server 2012.

Affected Software

  Windows Server 2008 R2 for x64-based Systems (KB2790978)
  Windows Server 2008 R2 for x64-based Systems Service Pack 1
    (KB2790978)
  Windows Server 2008 R2 for Itanium-based Systems (KB2790978)
  Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
    (KB2790978)
  Windows Server 2012 (KB2790978)
  Windows Server 2008 R2 for x64-based Systems (Server Core
    installation) (KB2790978)
  Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server
    Core installation) (KB2790978)
  Windows Server 2012 (Server Core installation) (KB2790978)

Vulnerability Information

NULL Dereference Vulnerability - CVE-2013-1281

A denial of service vulnerability exists when the Windows NFS server
fails to properly handle a file operation on a read-only share. An
attacker who successfully exploited this vulnerability could cause the
affected system to stop responding and restart.

======================================================================

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER         |    tel : 01-53-94-20-44        +
+ 23 - 25 Rue Daviel   |    fax : 01-53-94-20-41        +
+ 75013 Paris          |  email: certsvp@renater.fr     +
=========================================================