An error occurred:

Check: 2012-A-0137

windows 7 iavm: 2012-A-0137 (in version v1 r32)

Title

Multiple Vulnerabilities in Microsoft Windows Networking Components (Cat I impact)

Discussion

Microsoft has released a critical advisory addressing multiple vulnerabilities in Windows Networking Components. To exploit these vulnerabilities, an unauthorized remote attacker would send malicious RAP packets to an affected system or respond to a print spooler request with a malicious response. If successfully exploited, these vulnerabilities would allow an attacker to execute arbitrary code with system privileges and completely compromise the system.

Check Content

See IAVM notice and vendor bulletin for additional information. Microsoft bulletin MS12-054 (2733594) Vulnerable Applications/Systems: Windows XP SP3 Windows XP Professional x64 Edition SP2 Windows Server 2003 SP2 (x86, x64, Itanium) Windows Vista SP2 (x86, x64) Windows Server 2008 SP2 (x86, x64, Itanium) Windows 7 / Windows 7 SP1 (x86, x64) Windows Server 2008 R2 / Windows Server 2008 R2 SP1 (x64, Itanium) Server Core installation option Windows Server 2008 SP2 (x86, x64) Windows Server 2008 R2 / Windows Server 2008 R2 SP1 (x64) Verify the patches have been installed by checking that the following sample files are at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Applications/Systems not listed below. Netapi32.dll Windows XP SP3 - 5.1.2600.6260 Windows XP SP2 x64 - 5.2.3790.5030 Windows 2003 SP2 - 5.2.3790.5030 Windows Vista SP2 / 2008 SP2 - 6.0.6002.18659 or 22887 Windows 7 / 2008 R2 - 6.1.7600.17056 or 21256 Windows 7 SP1 / 2008 R2 SP1 - 6.1.7601.17887 or 22044 Localspl.dll Windows XP SP3 - 5.1.2600.6226 Windows XP SP2 x64 - 5.2.3790.5002 Windows 2003 SP2 - 5.2.3790.5002 Windows Vista SP2 / 2008 SP2 - 6.0.6002.18631 or 22857 Windows 7 / 2008 R2 - 6.1.7600.17023 or 21214 Windows 7 SP1 / 2008 R2 SP1 - 6.1.7601.17841 or 21994

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-33657

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
No CCIs are assigned to this check

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check