ID de Prueba:	1.3.6.1.4.1.25623.1.0.900838
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Windows TCP/IP Remote Code Execution Vulnerability (967723)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS09-048.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-048. Vulnerability Insight: An error in the TCP/IP processing can be exploited to cause connections to hang indefinitely in a FIN-WAIT-1 or FIN-WAIT-2 state, and system to stop responding to new requests by flooding it using specially crafted packets with a TCP receive window size set to a very small value or zero. Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary code, and it may result in Denial of Service condition in an affected system. Affected Software/OS: - Microsoft Windows 2k Service Pack 4 and prior - Microsoft Windows 2k3 Service Pack 2 and prior - Microsoft Windows Vista Service Pack 1/2 and prior - Microsoft Windows Server 2008 Service Pack 1/2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4609 Cert/CC Advisory: TA09-251A http://www.us-cert.gov/cas/techalerts/TA09-251A.html Cisco Security Advisory: 20081017 Cisco Response to Outpost24 TCP State Table Manipulation Denial of Service Vulnerabilities http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html Cisco Security Advisory: 20090908 TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml HPdes Security Advisory: HPSBMI02473 http://marc.info/?l=bugtraq&m=125856010926699&w=2 HPdes Security Advisory: SSRT080138 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://blog.robertlee.name/2008/10/conjecture-speculation.html http://insecure.org/stf/tcp-dos-attack-explained.html http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf http://www.outpost24.com/news/news-2008-10-02.html https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html Microsoft Security Bulletin: MS09-048 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6340 Common Vulnerability Exposure (CVE) ID: CVE-2009-1925 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6374 Common Vulnerability Exposure (CVE) ID: CVE-2009-1926 BugTraq ID: 36269 http://www.securityfocus.com/bid/36269 Bugtraq: 20090909 TCP/IP Orphaned Connections Vulnerability (Google Search) http://www.securityfocus.com/archive/1/506331/100/0/threaded http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926 http://osvdb.org/57797 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.