Windows : Microsoft Bulletins : Microsoft Windows IAS Remote Code Execution Vulnerability (974318)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.901065

Kategorie: Windows : Microsoft Bulletins

Titel: Microsoft Windows IAS Remote Code Execution Vulnerability (974318)

Zusammenfassung: This host is missing a critical security update according to; Microsoft Bulletin MS09-071.

Beschreibung: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS09-071.

Vulnerability Insight:
This issue is caused by an error when messages received by the Internet
Authentication Service server are being copied incorrectly into memory
while handling PEAP authentication attempts.

Vulnerability Impact:
Successful exploitation will let the remote attackers take complete control
of an affected system. Servers using Internet Authentication Service are only
affected when using PEAP with MS-CHAP v2 authentication.

Affected Software/OS:
- Microsoft Windows 2k Service Pack 4 and prior

- Microsoft Windows Xp Service Pack 3 and prior

- Microsoft Windows 2k3 Service Pack 2 and prior

- Microsoft Windows Vista Service Pack 1/2 and prior

- Microsoft Windows Server 2008 Service Pack 1/2 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-2505
Cert/CC Advisory: TA09-342A
http://www.us-cert.gov/cas/techalerts/TA09-342A.html
Microsoft Security Bulletin: MS09-071
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-071
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6063
http://www.securitytracker.com/id?1023291
Common Vulnerability Exposure (CVE) ID: CVE-2009-3677
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6209

Copyright Copyright (C) 2009 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.901065
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft Windows IAS Remote Code Execution Vulnerability (974318)
Zusammenfassung:	This host is missing a critical security update according to; Microsoft Bulletin MS09-071.
Beschreibung:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-071. Vulnerability Insight: This issue is caused by an error when messages received by the Internet Authentication Service server are being copied incorrectly into memory while handling PEAP authentication attempts. Vulnerability Impact: Successful exploitation will let the remote attackers take complete control of an affected system. Servers using Internet Authentication Service are only affected when using PEAP with MS-CHAP v2 authentication. Affected Software/OS: - Microsoft Windows 2k Service Pack 4 and prior - Microsoft Windows Xp Service Pack 3 and prior - Microsoft Windows 2k3 Service Pack 2 and prior - Microsoft Windows Vista Service Pack 1/2 and prior - Microsoft Windows Server 2008 Service Pack 1/2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2505 Cert/CC Advisory: TA09-342A http://www.us-cert.gov/cas/techalerts/TA09-342A.html Microsoft Security Bulletin: MS09-071 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-071 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6063 http://www.securitytracker.com/id?1023291 Common Vulnerability Exposure (CVE) ID: CVE-2009-3677 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6209
Copyright	Copyright (C) 2009 Greenbone AG