Content
(MS09-050) SMBv2 Command Value Vulnerability (975517)
- Type
- Logic error
- Impact of exploitation
- Remote Code Execution
- User Interaction
- no user interaction is needed
- Attack Vector
- Malicious remote network traffic
- Rating
- Medium
- CVE reference
- CVE-2009-2532,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows Vista SP1,
- Windows 2008,
- Windows Vista SP2,
- Windows 2008 SP2,
- Windows 2008 Itanium SP2,
- Windows Vista SP1,
- Summary
- A remote code execution vulnerability exists in the Microsoft Server Message Block (SMB) Protocol.
Tab Navigation
Description
A remote code execution vulnerability exists in the Microsoft Server Message Block (SMB) Protocol. The vulnerability exists in the way that SMB Protocol software handles specially crafted SMB packets. Exploitation of the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted network message to a computer running the Server service. An attacker who successfully exploited this vulnerability could take complete control of the system.
McAfee Product Mitigation & Recommendations
Recommendations
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-050.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-050) SMBv2 Command Value Vulnerability (975517)
- Signature identifier:
- 7188
- Release date:
- 10/13/2009
McAfee Intrushield
- Signature:
- NETBIOS-SS: Windows Vista Remote Code Execution Vulnerability
- Signature identifier:
- 0x4070B100
- Release date:
- 9/8/2009
- First released in:
- 5.1.27, 4.1.75
McAfee Host IPS
- Signature:
- (MS09-050) SMBv2 Command Value Vulnerability (975517)
- Signature identifier:
- 7188
- Release date:
- 10/14/2009
McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection
McAfee VirusScan Enterprise 8.5i (VSE8.5i) /Total Protection for Small Business (ToPS SB) Buffer Overflow Protection
The V-Flash of 10/14/2009 contains coverage for windows.
- Release date:
- 10/14/2009
Additional Resources
(MS09-050) SMBv2 Command Value Vulnerability (975517)
http://www.microsoft.com/technet/security/bulletin/ms09-050.mspx
All Information
Timeline -
10/13/2009
Vendor has provided a patch.
Description -
A remote code execution vulnerability exists in the Microsoft Server Message Block (SMB) Protocol. The vulnerability exists in the way that SMB Protocol software handles specially crafted SMB packets. Exploitation of the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted network message to a computer running the Server service. An attacker who successfully exploited this vulnerability could take complete control of the system.
McAfee Product Mitigation & Recommendations
Recommendations -
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-050.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-050) SMBv2 Command Value Vulnerability (975517)
- Signature identifier:
- 7188
- Release date:
- 10/13/2009
McAfee Intrushield
- Signature:
- NETBIOS-SS: Windows Vista Remote Code Execution Vulnerability
- Signature identifier:
- 0x4070B100
- Release date:
- 9/8/2009
- First released in:
- 5.1.27, 4.1.75
McAfee Host IPS
- Signature:
- (MS09-050) SMBv2 Command Value Vulnerability (975517)
- Signature identifier:
- 7188
- Release date:
- 10/14/2009
McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection
McAfee VirusScan Enterprise 8.5i (VSE8.5i) /Total Protection for Small Business (ToPS SB) Buffer Overflow Protection
The V-Flash of 10/14/2009 contains coverage for windows.
- Release date:
- 10/14/2009
Additional Resources
Additional Resources -
(MS09-050) SMBv2 Command Value Vulnerability (975517)
http://www.microsoft.com/technet/security/bulletin/ms09-050.mspx
