Content
(MS08-068) Microsoft SMB Credential Reflection Vulnerability (957097)
- Type
- Logic error
- Impact of exploitation
- Remote Code Execution
- User Interaction
- user interaction is needed
- Attack Vector
- Malicious local network traffic
- Rating
- Medium
- CVE reference
- CVE-2008-4037,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows 2000 SP4,
- Windows XP SP3,
- Windows XP X64 SP2,
- Windows 2003 SP2,
- Windows 2003 x64 SP2,
- Windows 2003 Itanium SP2,
- Windows Vista SP1,
- Windows Vista X64 SP1,
- Windows 2008,
- Summary
- A vulnerability exists in Microsoft SMB (Server Message Block) that may allow for remote code execution.
Tab Navigation
Description
A vulnerability exists in Microsoft SMB (Server Message Block) that may allow for remote code execution. The flaw lies in the handling of NTLM credentials we when an affected user connects to an "attacker" or malicious SMB server. Once the connection is established, the attacker is then able to replay the source user's credentials back to their session, and therefore potentially execute code in the context of that user.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft(957097): http://www.microsoft.com/technet/security/Bulletin/MS08-068.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS08-068) Microsoft SMB Credential Reflection Vulnerability (957097)
- Signature identifier:
- 6220
- Release date:
- 11/11/2008
Additional Resources
Microsoft Security Bulletin: Vulnerability in SMB Could Allow Remote Code Execution (957097)
http://www.microsoft.com/technet/security/bulletin/ms08-068.mspx
All Information
Timeline -
11/11/2008
Vendor has provided a patch.
Description -
A vulnerability exists in Microsoft SMB (Server Message Block) that may allow for remote code execution. The flaw lies in the handling of NTLM credentials we when an affected user connects to an "attacker" or malicious SMB server. Once the connection is established, the attacker is then able to replay the source user's credentials back to their session, and therefore potentially execute code in the context of that user.
McAfee Product Mitigation & Recommendations
Recommendations -
Download and install the patch available from Microsoft(957097): http://www.microsoft.com/technet/security/Bulletin/MS08-068.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS08-068) Microsoft SMB Credential Reflection Vulnerability (957097)
- Signature identifier:
- 6220
- Release date:
- 11/11/2008
Additional Resources
Additional Resources -
Microsoft Security Bulletin: Vulnerability in SMB Could Allow Remote Code Execution (957097)
http://www.microsoft.com/technet/security/bulletin/ms08-068.mspx
