Content
(MS10-009) Microsoft Windows TCP/IP Selective Acknowledgement Vulnerability (974145)
- Type
- Misconfiguration
- Impact of exploitation
- Denial of Service
- User Interaction
- no user interaction is needed
- Attack Vector
- Malicious remote network traffic
- Rating
- Medium
- CVE reference
- CVE-2010-0242,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows Vista SP1,
- Windows Vista X64 SP1,
- Windows Server 2008 RTM,
- Summary
- A denial of service vulnerability exists in the Windows TCP/IP stack.
Tab Navigation
Description
Microsoft Windows is an industry standard operating system. A denial of service vulnerability exists in the Windows TCP/IP stack. The vulnerability is due to an error in the processing of specially crafted TCP packets with a malformed selective acknowledgment (SACK) value. In order to exploit the vulnerability, an attacker would have to send the target system a small number of specially crafted packets that would cause the targeted system to stop responding and automatically restart.
McAfee Product Mitigation & Recommendations
Recommendations
The vendor has released an update to address this issue. http://www.microsoft.com/technet/security/bulletin/ms10-009.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS10-009) Microsoft Windows TCP/IP Selective Acknowledgement Vulnerability (974145)
- Signature identifier:
- 7870
- Release date:
- 2/9/2010
Additional Resources
(MS10-009) Microsoft Windows TCP/IP Selective Acknowledgement Vulnerability (974145)
http://www.microsoft.com/technet/security/bulletin/ms10-009.mspx
All Information
Timeline -
2/9/2010
Vendor has provided a patch.
Description -
Microsoft Windows is an industry standard operating system. A denial of service vulnerability exists in the Windows TCP/IP stack. The vulnerability is due to an error in the processing of specially crafted TCP packets with a malformed selective acknowledgment (SACK) value. In order to exploit the vulnerability, an attacker would have to send the target system a small number of specially crafted packets that would cause the targeted system to stop responding and automatically restart.
McAfee Product Mitigation & Recommendations
Recommendations -
The vendor has released an update to address this issue. http://www.microsoft.com/technet/security/bulletin/ms10-009.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS10-009) Microsoft Windows TCP/IP Selective Acknowledgement Vulnerability (974145)
- Signature identifier:
- 7870
- Release date:
- 2/9/2010
Additional Resources
Additional Resources -
(MS10-009) Microsoft Windows TCP/IP Selective Acknowledgement Vulnerability (974145)
http://www.microsoft.com/technet/security/bulletin/ms10-009.mspx
