An error occurred:

Check: 2011-A-0078

windows 7 iavm: 2011-A-0078 (in version v1 r32)

Title

Microsoft Server Message Block (SMB) Denial of Service Vulnerability (Cat I impact)

Discussion

Microsoft has reported a vulnerability affecting Microsoft Server Message Block (SMB). SMB is a message format used by Windows to share files, directories and devices. To exploit these vulnerabilities, an attacker would create and send a malicious SMB packet to an affected system. If successfully exploited, these vulnerabilities would allow an attacker to compromise the affected system and cause a denial of service condition. At this time, there are no known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD related incidents. SMB Request Parsing Vulnerability - (CVE-2011-1267): A denial of service vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB requests. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted network message to a computer running the Server service.

Check Content

See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS11-048 (2536275). Vulnerable Applications/Systems: Windows Vista SP 1 and SP 2 (x86 and x64) Windows Server 2008 and Windows Server 2008 SP 2 (x86*, x64* and Itanium) Windows 7 and Windows 7 SP 1 (x86 and x64) Windows Server 2008 R2 and Windows Server 2008 R2 SP 1 (x64* and Itanium) *Server Core installation not affected. Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems/Applications not listed below. Srvnet.sys Windows Vista SP1 / 2008 – 6.0.6001.18644 or 22910 Windows Vista SP2 / 2008 SP2 – 6.0.6002.18462 or 22634 Windows 7 / 2008 R2 – 6.1.7600.16806 or 20956 Windows 7 / 2008 R2 SP1 – 6.1.7601.17608 or 21717

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-28598

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
No CCIs are assigned to this check

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check