Microsoft Windows SMB Transaction Parsing Remote Code Execution Vulnerability

Cause
Design error
Severity

 
Affected Systems
 Microsoft Windows 7
 Microsoft Windows Server 2003 Datacenter Edition
 Microsoft Windows Server 2003 Enterprise Edition
 Microsoft Windows Server 2003 Standard Edition
 Microsoft Windows Server 2003 Web Edition
 Microsoft Windows Server 2008
 Microsoft Windows Storage Server 2003
 Microsoft Windows Vista
 Microsoft Windows XP Home Edition
 Microsoft Windows XP Professional
 
Unaffected Systems
 
Impact
A remote attacker can exploit this vulnerability to execute arbitrary code in the context of the SMB service process.
 
Conditions Required for Attack
The attacker must be able to access the Microsoft Windows system.
 
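Vulnerability Information
Microsoft Windows is a popular operating system.
Microsoft Windows contains an error in its handling of certain fields in SMB packets. Submitting a specially crafted SMB packet to a target server allows arbitrary code to be executed in the context of the service process.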
 
Test Method
 
Vendor Solution
Users can refer to the following vendor security bulletin for patch information:
Microsoft Windows XP Media Center Edition SP3
Microsoft WindowsXP-KB2508429-x86-ENU.exe
http://www.microsoft.com/downloads/details.aspx?familyid=CCB08A8A-F4D9-4320-8FFB-3FD4FE217987
Microsoft Windows 7 for 32-bit Systems 0
Microsoft Windows6.1-KB2508429-x86.msu
http://www.microsoft.com/downloads/details.aspx?familyid=D3EF905B-3584-4842-9EC2-CF3856305D49
Microsoft Windows Server 2003 Web Edition SP2
Microsoft WindowsServer2003-KB2508429-x86-ENU.exe
http://www.microsoft.com/downloads/details.aspx?familyid=64C550D4-C927-4382-91E1-473ED6790819
Microsoft Windows XP Professional x64 Edition SP2
Microsoft WindowsServer2003.WindowsXP-KB2508429-x64-ENU.exe
http://www.microsoft.com/downloads/details.aspx?familyid=7EE202DA-A711-42EE-BEA3-7202A70E4EA0
Microsoft Windows Vista x64 Edition SP1
Microsoft Windows6.0-KB2508429-x64.msu
http://www.microsoft.com/downloads/details.aspx?familyid=2878C587-6544-40B4-9288-FC3B3CE1128D
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows6.0-KB2508429-ia64.msu
http://www.microsoft.com/downloads/details.aspx?familyid=B89B8E28-CD98-4BCC-8729-5E51D52D1E92
Microsoft Windows 7 for x64-based Systems 0
Microsoft Windows6.1-KB2508429-x64.msu
http://www.microsoft.com/downloads/details.aspx?familyid=7DDC943B-6868-4E8F-A869-89B47133C287
Microsoft Windows Server 2003 Standard Edition SP2
Microsoft WindowsServer2003-KB2508429-x86-ENU.exe
http://www.microsoft.com/downloads/details.aspx?familyid=64C550D4-C927-4382-91E1-473ED6790819
Microsoft Windows Server 2003 Itanium SP2
Microsoft WindowsServer2003-KB2508429-ia64-ENU.exe
http://www.microsoft.com/downloads/details.aspx?familyid=79AEB3CD-7C73-467B-B91E-02C6EA01E911
Microsoft Windows Server 2008 for Itanium-based Systems R2
Microsoft Windows6.1-KB2508429-ia64.msu
http://www.microsoft.com/downloads/details.aspx?familyid=0005377B-443F-44CA-A890-620B2DCEA6F1
Microsoft Windows Server 2008 for Itanium-based Systems 0
Microsoft Windows6.0-KB2508429-ia64.msu
http://www.microsoft.com/downloads/details.aspx?familyid=B89B8E28-CD98-4BCC-8729-5E51D52D1E92
Microsoft Windows Vista x64 Edition SP2
Microsoft Windows6.0-KB2508429-x64.msu
http://www.microsoft.com/downloads/details.aspx?familyid=2878C587-6544-40B4-9288-FC3B3CE1128D
 
Vulnerability Credit
Microsoft
  
 
Vulnerability Reference Links
http://www.microsoft.com/technet/security/Bulletin/MS11-020.mspx
http://secunia.com/advisories/44072/
