ID de Prueba:	1.3.6.1.4.1.25623.1.0.900965
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Windows SMB2 Negotiation Protocol RCE Vulnerability
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS09-050.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-050. Vulnerability Insight: The following vulnerabilities exist: - A denial of service vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB version 2 (SMBv2) packets. - Unauthenticated remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB packets. Vulnerability Impact: An attacker can exploit this issue to execute code with SYSTEM-level privileges. Failed exploit attempts will likely cause denial-of-service conditions. Affected Software/OS: - Microsoft Windows 7 RC - Microsoft Windows Vista - Microsoft Windows 2008 Server Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2526 Cert/CC Advisory: TA09-286A http://www.us-cert.gov/cas/techalerts/TA09-286A.html Microsoft Security Bulletin: MS09-050 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5595 Common Vulnerability Exposure (CVE) ID: CVE-2009-2532 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6336 Common Vulnerability Exposure (CVE) ID: CVE-2009-3103 BugTraq ID: 36299 http://www.securityfocus.com/bid/36299 Bugtraq: 20090908 Regarding Microsoft srv2.sys SMB2.0 NEGOTIATE BSOD (Google Search) http://www.securityfocus.com/archive/1/506300/100/0/threaded Bugtraq: 20090909 SMB SRV2.SYS Denial of Service PoC (Google Search) http://www.securityfocus.com/archive/1/506327/100/0/threaded CERT/CC vulnerability note: VU#135940 http://www.kb.cert.org/vuls/id/135940 http://www.exploit-db.com/exploits/9594 http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.html http://blog.48bits.com/?p=510 http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html http://isc.sans.org/diary.html?storyid=7093 http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1 http://osvdb.org/57799 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489 http://www.securitytracker.com/id?1022848 http://secunia.com/advisories/36623 XForce ISS Database: win-srv2sys-code-execution(53090) https://exchange.xforce.ibmcloud.com/vulnerabilities/53090
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.