Content
(MS07-063) Microsoft SMBv2 Signing Vulnerability (942624)
- Type
- Logic error
- Impact of exploitation
- Remote Code Execution
- User Interaction
- no user interaction is needed
- Attack Vector
- Malicious local network traffic
- Rating
- High
- CVE reference
- CVE-2007-5351,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows Vista,
- Windows Vista x64,
- Summary
- A vulnerability in Microsoft Windows Vista may allow for remote code-execution attacks.
Tab Navigation
Description
Windows Vista is a popular operating system developed by Microsoft. A vulnerability in Microsoft Windows Vista may allow for remote code-execution attacks. The vulnerability lies in the SMBv2 signing feature. An attacker could analyze an SMBv2 packet to recompute the SMBv2 signature. A successful attack would allow code execution at the level of logged-on user.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft (942624): http://www.microsoft.com/technet/security/Bulletin/MS07-063.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS07-063) Microsoft SMBv2 Signing Vulnerability (942624)
- Signature identifier:
- 5622
- Release date:
- 12/10/2007
Additional Resources
Microsoft Security Bulletin: Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)
http://www.microsoft.com/technet/security/Bulletin/MS07-063.mspx
All Information
Timeline -
12/11/2007
Vendor has provided a patch.
Description -
Windows Vista is a popular operating system developed by Microsoft. A vulnerability in Microsoft Windows Vista may allow for remote code-execution attacks. The vulnerability lies in the SMBv2 signing feature. An attacker could analyze an SMBv2 packet to recompute the SMBv2 signature. A successful attack would allow code execution at the level of logged-on user.
McAfee Product Mitigation & Recommendations
Recommendations -
Download and install the patch available from Microsoft (942624): http://www.microsoft.com/technet/security/Bulletin/MS07-063.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS07-063) Microsoft SMBv2 Signing Vulnerability (942624)
- Signature identifier:
- 5622
- Release date:
- 12/10/2007
Additional Resources
Additional Resources -
Microsoft Security Bulletin: Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)
http://www.microsoft.com/technet/security/Bulletin/MS07-063.mspx
