Audit Report

Site report for Winxp

Audited on December 11 2011

Reported on December 11 2011

1 Executive Summary

This report represents a security audit performed by Nexpose from Rapid7 LLC. It contains confidential information about the state of your network. Access to this information by unauthorized personnel may allow them to compromise your network.

Site Name: Winxp
Start Time: December 11, 2011 02:45, CET
End Time: December 11, 2011 02:47, CET
Total Time: 1 minutes
Status: Success

There is not enough historical data to display risk trend.

The audit was performed on one system which was found to be active and was scanned.

Vulnerabilities by Severity

There were 12 vulnerabilities found during this scan. Of these, 9 were critical vulnerabilities. Critical vulnerabilities require immediate attention. They are relatively easy for attackers to exploit and may provide them with full control of the affected systems. 2 vulnerabilities were severe. Severe vulnerabilities are often harder to exploit and may not provide the same access to affected systems. There was one moderate vulnerability discovered. These often provide information to attackers that may assist them in mounting subsequent attacks on your network. These should also be fixed in a timely manner, but are not as urgent as the other vulnerabilities.

Most Common Vulnerabilities
Most Common Vulnerability Categories

There were 3 occurrences of the windows-hotfix-ms08-067 vulnerability, making it the most common vulnerability. There were 14 vulnerabilities in the Windows category, making it the most common vulnerability category.

Highest Risk Vulnerabilities

The windows-hotfix-ms08-067 vulnerability poses the highest risk to the organization with a risk score of 675. Vulnerability risk scores are calculated by looking at the likelihood of attack and impact, based upon CVSS metrics. The impact and likelihood are then multiplied by the number of instances of the vulnerability to come up with the final risk score.

One operating system was identified during this scan.

There were 4 services found to be running during this scan.

Most Common Services

The CIFS, CIFS Name Service, DCE Endpoint Resolution and NTP services were each found on 1 system, making them the most common services.

2 Discovered Systems

Node: 192.168.56.103
Operating System: Microsoft Windows XP
Risk: 7,514
Aliases: WINXPVBOX

3 Discovered and Potential Vulnerabilities

3.1 Critical Vulnerabilities

3.1.1 Microsoft Server Service / CanonicalizePathName() Remote Code Execution Vulnerability (dcerpc-ms-netapi-netpathcanonicalize-dos)

Description:

Certain versions of Microsoft Windows are vulnerable to a remote buffer overflow which could compromise a target machine. A specially crafted packet could be used in a call to the NetPathCanonicalize RPC routine in the Server Service, whereby an attacker could execute code under SYSTEM level access.

Affected Nodes and Additional Information:

  • 192.168.56.103

    Got vulnerable string result

References:

Source     Reference
BID        19409 ( http://www.securityfocus.com/bid/19409 )
CERT       TA06-220A ( http://www.cert.org/advisories/TA06-220A.html )
CERT-VN    650769 ( http://www.kb.cert.org/vuls/id/650769 )
CVE        CVE-2006-3439 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3439 )
MS         MS06-040 ( http://www.microsoft.com/technet/security/bulletin/MS06-040.mspx )
MSKB       921883 ( http://support.microsoft.com/default.aspx?scid=kb;EN-US;921883 )
OVAL       OVAL492 ( http://oval.mitre.org/oval/definitions/data/OVAL492.html )
SANS-06    W4 ( http://www.sans.org/top20/2006/#w4 )
SANS-07    S2 ( http://www.sans.org/top20/2007/#s2 )
SECUNIA    21388 ( http://secunia.com/advisories/21388/ )
XF         ms-server-service-bo(28002) ( http://xforce.iss.net/xforce/xfdb/28002 )

Vulnerability Solution:

  • Microsoft Windows 2000 Professional, Microsoft Windows 2000 Datacenter Server, Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server

    Install Microsoft service pack Windows 2000 Service Pack 4

    Download and apply the upgrade from: http://support.microsoft.com/sp

  • Microsoft Windows 2000 Professional SP4, Microsoft Windows 2000 Datacenter Server SP4, Microsoft Windows 2000 Server SP4, Microsoft Windows 2000 Advanced Server SP4

    Download and install Microsoft patch Windows2000-KB921883-x86-ENU.EXE

    Download and apply the patch from: http://download.microsoft.com/download/9/0/b/90b8dbba-09c1-4b27-b0c4-0cc13706823a/Windows2000-KB921883-x86-ENU.EXE

  • Microsoft Windows XP Home Edition, Microsoft Windows XP Professional, Microsoft Windows XP Tablet PC Edition, Microsoft Windows XP Media Center Edition

    Install Microsoft service pack Windows XP Service Pack 1

    Download and apply the upgrade from: http://support.microsoft.com/sp

  • Microsoft Windows XP Home Edition SP1 OR SP2, Microsoft Windows XP Professional SP1 OR SP2

    Download and install Microsoft patch WindowsXP-KB921883-x86-ENU.EXE

    Download and apply the patch from: http://download.microsoft.com/download/c/2/b/c2b41862-1113-4e40-a81a-d6971733e361/WindowsXP-KB921883-x86-ENU.exe

  • Microsoft Windows Server 2003, Web Edition < SP1 OR SP1, Microsoft Windows Server 2003, Enterprise Edition < SP1 OR SP1, Microsoft Windows Server 2003, Datacenter Edition < SP1 OR SP1, Microsoft Windows Server 2003, Standard Edition < SP1 OR SP1, Microsoft Windows Small Business Server 2003 < SP1 OR SP1

    Download and install Microsoft patch WindowsServer2003-KB921883-x86-ENU.EXE

    Download and apply the patch from: http://download.microsoft.com/download/6/e/e/6ee2a18d-b3a7-457a-af39-fb687fd6aa91/WindowsServer2003-KB921883-x86-ENU.exe

3.1.2 MS08-067: Vulnerability in Server Service Could Allow Remote Code Execution (windows-hotfix-ms08-067)

Description:

This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.

Affected Nodes and Additional Information:

  • 192.168.56.103

    Vulnerable OS: Microsoft Windows XP

    Based on the result of the "Microsoft Server Service / CanonicalizePathName() Remote Code Execution Vulnerability" test, this node is vulnerable to this additional issue as well.

  • 192.168.56.103:139

    Running vulnerable CIFS service.

    Vulnerable OS: Microsoft Windows XP

    Received vulnerable status reply

  • 192.168.56.103:445

    Running vulnerable CIFS service.

    Vulnerable OS: Microsoft Windows XP

    Received vulnerable status reply

References:

Source     Reference
BID        31874 ( http://www.securityfocus.com/bid/31874 )
CERT       TA08-297A ( http://www.cert.org/advisories/TA08-297A.html )
CERT       TA09-088A ( http://www.cert.org/advisories/TA09-088A.html )
CERT-VN    827267 ( http://www.kb.cert.org/vuls/id/827267 )
CVE        CVE-2008-4250 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4250 )
MS         MS08-067 ( http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx )
MSKB       958644 ( http://support.microsoft.com/default.aspx?scid=kb;EN-US;958644 )
OVAL       OVAL6093 ( http://oval.mitre.org/oval/definitions/data/OVAL6093.html )
SECUNIA    32326 ( http://secunia.com/advisories/32326/ )
URL        http://blogs.msdn.com/sdl/archive/2008/10/22/ms08-067.aspx
URL        http://blogs.technet.com/msrc/archive/2008/10/23/ms08-067-released.aspx
URL        http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx
XF         win-server-rpc-code-execution(46040) ( http://xforce.iss.net/xforce/xfdb/46040 )

Vulnerability Solution:

  • Microsoft Windows 2000 SP4 (x86), Microsoft Windows 2000 Professional SP4 (x86), Microsoft Windows 2000 Server SP4 (x86), Microsoft Windows 2000 Advanced Server SP4 (x86), Microsoft Windows 2000 Datacenter Server SP4 (x86)

    Download and install Microsoft patch Windows2000-KB958644-x86-ENU.EXE (618024 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2008/10/windows2000-kb958644-x86-enu_32416827ab7de148e5e7998e6e1f4c3b16fa4719.exe

  • Microsoft Windows Server 2003 SP2 OR SP1 (x86), Microsoft Windows Server 2003, Standard Edition SP2 OR SP1 (x86), Microsoft Windows Server 2003, Enterprise Edition SP2 OR SP1 (x86), Microsoft Windows Server 2003, Datacenter Edition SP2 OR SP1 (x86), Microsoft Windows Server 2003, Web Edition SP2 OR SP1 (x86), Microsoft Windows Small Business Server 2003 SP2 OR SP1 (x86)

    Download and install Microsoft patch WindowsServer2003-KB958644-x86-ENU.exe (702840 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2008/10/windowsserver2003-kb958644-x86-enu_af4987620549ae4174e45ec5aa872f4a352f34c1.exe

  • Microsoft Windows XP Professional SP3 OR SP2 (x86), Microsoft Windows XP Home SP3 OR SP2 (x86)

    Download and install Microsoft patch WindowsXP-KB958644-x86-ENU.exe (648560 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2008/10/windowsxp-kb958644-x86-enu_5c135a8dae5721849430afe27af255f83e64f62b.exe

  • Microsoft Windows XP Professional SP2 OR SP1 (x86_64)

    Download and install Microsoft patch WindowsServer2003.WindowsXP-KB958644-x64-ENU.exe (1288568 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2008/10/windowsserver2003.windowsxp-kb958644-x64-enu_75717882c206870bdbaec8e606c588853fb8e34c.exe

  • Microsoft Windows Server 2003 SP2 OR SP1 (x86_64), Microsoft Windows Server 2003, Standard Edition SP2 OR SP1 (x86_64), Microsoft Windows Server 2003, Enterprise Edition SP2 OR SP1 (x86_64), Microsoft Windows Server 2003, Datacenter Edition SP2 OR SP1 (x86_64), Microsoft Windows Server 2003, Web Edition SP2 OR SP1 (x86_64), Microsoft Windows Small Business Server 2003 SP2 OR SP1 (x86_64)

    Download and install Microsoft patch WindowsServer2003.WindowsXP-KB958644-x64-ENU.exe (1288568 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2008/10/windowsserver2003.windowsxp-kb958644-x64-enu_75717882c206870bdbaec8e606c588853fb8e34c.exe

  • Microsoft Windows Server 2003 SP2 OR SP1 (ia64), Microsoft Windows Server 2003, Standard Edition SP2 OR SP1 (ia64), Microsoft Windows Server 2003, Enterprise Edition SP2 OR SP1 (ia64), Microsoft Windows Server 2003, Datacenter Edition SP2 OR SP1 (ia64), Microsoft Windows Server 2003, Web Edition SP2 OR SP1 (ia64), Microsoft Windows Small Business Server 2003 SP2 OR SP1 (ia64)

    Download and install Microsoft patch WindowsServer2003-KB958644-ia64-ENU.exe (1778040 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2008/10/windowsserver2003-kb958644-ia64-enu_5d8f2d2bcc621f453035d2d9eabde032b0be36c3.exe

  • Microsoft Windows Server 2008 SP1 (x86_64), Microsoft Windows Server 2008 Enterprise Edition SP1 (x86_64), Microsoft Windows Server 2008 Standard Edition SP1 (x86_64), Microsoft Windows Server 2008 Datacenter Edition SP1 (x86_64), Microsoft Windows Server 2008 HPC Edition SP1 (x86_64), Microsoft Windows Server 2008 Web Edition SP1 (x86_64), Microsoft Windows Server 2008 Storage Edition SP1 (x86_64), Microsoft Windows Small Business Server 2008 SP1 (x86_64), Microsoft Windows Essential Business Server 2008 SP1 (x86_64)

    Download and install Microsoft patch Windows6.0-KB958644-x64.cab (538665 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2008/10/windows6.0-kb958644-x64_6156746e22baf9bec4c4ac7aa8355b1795c25be0.cab

  • Microsoft Windows Server 2008 SP1 (x86), Microsoft Windows Server 2008 Enterprise Edition SP1 (x86), Microsoft Windows Server 2008 Standard Edition SP1 (x86), Microsoft Windows Server 2008 Datacenter Edition SP1 (x86), Microsoft Windows Server 2008 HPC Edition SP1 (x86), Microsoft Windows Server 2008 Web Edition SP1 (x86), Microsoft Windows Server 2008 Storage Edition SP1 (x86), Microsoft Windows Small Business Server 2008 SP1 (x86), Microsoft Windows Essential Business Server 2008 SP1 (x86)

    Download and install Microsoft patch Windows6.0-KB958644-x86.cab (265099 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2008/10/windows6.0-kb958644-x86_ecdee104d41f6f93e455b8b5dcc349a99f58fe77.cab

  • Microsoft Windows Server 2008 SP1 (ia64), Microsoft Windows Server 2008 Enterprise Edition SP1 (ia64), Microsoft Windows Server 2008 Standard Edition SP1 (ia64), Microsoft Windows Server 2008 Datacenter Edition SP1 (ia64), Microsoft Windows Server 2008 HPC Edition SP1 (ia64), Microsoft Windows Server 2008 Web Edition SP1 (ia64), Microsoft Windows Server 2008 Storage Edition SP1 (ia64), Microsoft Windows Small Business Server 2008 SP1 (ia64), Microsoft Windows Essential Business Server 2008 SP1 (ia64)

    Download and install Microsoft patch Windows6.0-KB958644-ia64.cab (567175 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2008/10/windows6.0-kb958644-ia64_8a5f04cb6a4d61b6fb565bd32471869b27f24100.cab

  • Microsoft Windows Vista < SP1 (x86), Microsoft Windows Vista Home, Basic Edition < SP1 (x86), Microsoft Windows Vista Home, Basic N Edition < SP1 (x86), Microsoft Windows Vista Home, Premium Edition < SP1 (x86), Microsoft Windows Vista Ultimate Edition < SP1 (x86), Microsoft Windows Vista Enterprise Edition < SP1 (x86), Microsoft Windows Vista Business Edition < SP1 (x86), Microsoft Windows Vista Business N Edition < SP1 (x86), Microsoft Windows Vista Starter Edition < SP1 (x86)

    Download and install Microsoft patch Windows6.0-KB958644-x86.cab (265099 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2008/10/windows6.0-kb958644-x86_ecdee104d41f6f93e455b8b5dcc349a99f58fe77.cab

  • Microsoft Windows Vista < SP1 (x86_64), Microsoft Windows Vista Home, Basic Edition < SP1 (x86_64), Microsoft Windows Vista Home, Basic N Edition < SP1 (x86_64), Microsoft Windows Vista Home, Premium Edition < SP1 (x86_64), Microsoft Windows Vista Ultimate Edition < SP1 (x86_64), Microsoft Windows Vista Enterprise Edition < SP1 (x86_64), Microsoft Windows Vista Business Edition < SP1 (x86_64), Microsoft Windows Vista Business N Edition < SP1 (x86_64), Microsoft Windows Vista Starter Edition < SP1 (x86_64)

    Download and install Microsoft patch Windows6.0-KB958644-x64.cab (538665 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2008/10/windows6.0-kb958644-x64_6156746e22baf9bec4c4ac7aa8355b1795c25be0.cab

3.1.3 MS09-001: Vulnerabilities in SMB Could Allow Remote Code Execution (windows-hotfix-ms09-001)

Description:

This security update resolves several privately reported vulnerabilities in Microsoft Server Message Block (SMB) Protocol. The vulnerabilities could allow remote code execution on affected systems. An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

Affected Nodes and Additional Information:

  • 192.168.56.103:139

    Vulnerable OS: Microsoft Windows XP

    \BROWSER: WriteAndX succeeded with offset 77

  • 192.168.56.103:445

    Vulnerable OS: Microsoft Windows XP

    \BROWSER: WriteAndX succeeded with offset 77

References:

Source     Reference
BID        31179 ( http://www.securityfocus.com/bid/31179 )
BID        33121 ( http://www.securityfocus.com/bid/33121 )
BID        33122 ( http://www.securityfocus.com/bid/33122 )
CERT       TA09-013A ( http://www.cert.org/advisories/TA09-013A.html )
CVE        CVE-2008-4114 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4114 )
CVE        CVE-2008-4834 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4834 )
CVE        CVE-2008-4835 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4835 )
MS         MS09-001 ( http://www.microsoft.com/technet/security/bulletin/MS09-001.mspx )
MSKB       958687 ( http://support.microsoft.com/default.aspx?scid=kb;EN-US;958687 )
OVAL       OVAL5248 ( http://oval.mitre.org/oval/definitions/data/OVAL5248.html )
OVAL       OVAL5262 ( http://oval.mitre.org/oval/definitions/data/OVAL5262.html )
OVAL       OVAL5863 ( http://oval.mitre.org/oval/definitions/data/OVAL5863.html )
OVAL       OVAL6044 ( http://oval.mitre.org/oval/definitions/data/OVAL6044.html )
SECUNIA    31883 ( http://secunia.com/advisories/31883/ )
URL        http://www.vallejo.cc/proyectos/vista_SMB_write_DoS.htm
URL        http://www.zerodayinitiative.com/advisories/ZDI-09-001/
URL        http://www.zerodayinitiative.com/advisories/ZDI-09-002/
XF         win-writeandx-dos(45146) ( http://xforce.iss.net/xforce/xfdb/45146 )

Vulnerability Solution:

  • Microsoft Windows 2000 SP4 (x86), Microsoft Windows 2000 Professional SP4 (x86), Microsoft Windows 2000 Server SP4 (x86), Microsoft Windows 2000 Advanced Server SP4 (x86), Microsoft Windows 2000 Datacenter Server SP4 (x86)

    Download and install Microsoft patch Windows2000-KB958687-x86-ENU.EXE (617512 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2008/12/windows2000-kb958687-x86-enu_f0ce8f2df0b10e58fb8c5ee278153eae03ad4ac6.exe

  • Microsoft Windows XP Professional SP2 OR SP1 (x86_64)

    Download and install Microsoft patch WindowsServer2003.WindowsXP-KB958687-x64-ENU.exe (1237880 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2008/12/windowsserver2003.windowsxp-kb958687-x64-enu_bd4afc8de96367934e54e496a4dd029933a2140f.exe

  • Microsoft Windows Server 2003 SP2 OR SP1 (ia64), Microsoft Windows Server 2003, Standard Edition SP2 OR SP1 (ia64), Microsoft Windows Server 2003, Enterprise Edition SP2 OR SP1 (ia64), Microsoft Windows Server 2003, Datacenter Edition SP2 OR SP1 (ia64), Microsoft Windows Server 2003, Web Edition SP2 OR SP1 (ia64), Microsoft Windows Small Business Server 2003 SP2 OR SP1 (ia64)

    Download and install Microsoft patch WindowsServer2003-KB958687-ia64-ENU.exe (1691512 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2008/12/windowsserver2003-kb958687-ia64-enu_a4d695fccfc7fc0071240d49035fbc9e6fbb16df.exe

  • Microsoft Windows XP Professional SP3 OR SP2 (x86), Microsoft Windows XP Home SP3 OR SP2 (x86)

    Download and install Microsoft patch WindowsXP-KB958687-x86-ENU.exe (658288 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2008/12/windowsxp-kb958687-x86-enu_a9b85264e9b75e552ae10cd212937b8686a96833.exe

  • Microsoft Windows Server 2003 SP2 OR SP1 (x86), Microsoft Windows Server 2003, Standard Edition SP2 OR SP1 (x86), Microsoft Windows Server 2003, Enterprise Edition SP2 OR SP1 (x86), Microsoft Windows Server 2003, Datacenter Edition SP2 OR SP1 (x86), Microsoft Windows Server 2003, Web Edition SP2 OR SP1 (x86), Microsoft Windows Small Business Server 2003 SP2 OR SP1 (x86)

    Download and install Microsoft patch WindowsServer2003-KB958687-x86-ENU.exe (736632 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2008/12/windowsserver2003-kb958687-x86-enu_7769ec8bf8869acd01fb8f9f63d79c23afbad5c6.exe

  • Microsoft Windows Server 2003 SP2 OR SP1 (x86_64), Microsoft Windows Server 2003, Standard Edition SP2 OR SP1 (x86_64), Microsoft Windows Server 2003, Enterprise Edition SP2 OR SP1 (x86_64), Microsoft Windows Server 2003, Datacenter Edition SP2 OR SP1 (x86_64), Microsoft Windows Server 2003, Web Edition SP2 OR SP1 (x86_64), Microsoft Windows Small Business Server 2003 SP2 OR SP1 (x86_64)

    Download and install Microsoft patch WindowsServer2003.WindowsXP-KB958687-x64-ENU.exe (1237880 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2008/12/windowsserver2003.windowsxp-kb958687-x64-enu_bd4afc8de96367934e54e496a4dd029933a2140f.exe

  • Microsoft Windows Server 2008 SP1 (x86_64), Microsoft Windows Server 2008 Enterprise Edition SP1 (x86_64), Microsoft Windows Server 2008 Standard Edition SP1 (x86_64), Microsoft Windows Server 2008 Datacenter Edition SP1 (x86_64), Microsoft Windows Server 2008 HPC Edition SP1 (x86_64), Microsoft Windows Server 2008 Web Edition SP1 (x86_64), Microsoft Windows Server 2008 Storage Edition SP1 (x86_64), Microsoft Windows Small Business Server 2008 SP1 (x86_64), Microsoft Windows Essential Business Server 2008 SP1 (x86_64)

    Download and install Microsoft patch Windows6.0-KB958687-x64.cab (352831 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2008/12/windows6.0-kb958687-x64_9403e23fd26952e2a4381732cddab933ea23318a.cab

  • Microsoft Windows Server 2008 SP1 (ia64), Microsoft Windows Server 2008 Enterprise Edition SP1 (ia64), Microsoft Windows Server 2008 Standard Edition SP1 (ia64), Microsoft Windows Server 2008 Datacenter Edition SP1 (ia64), Microsoft Windows Server 2008 HPC Edition SP1 (ia64), Microsoft Windows Server 2008 Web Edition SP1 (ia64), Microsoft Windows Server 2008 Storage Edition SP1 (ia64), Microsoft Windows Small Business Server 2008 SP1 (ia64), Microsoft Windows Essential Business Server 2008 SP1 (ia64)

    Download and install Microsoft patch Windows6.0-KB958687-ia64.cab (435851 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2008/12/windows6.0-kb958687-ia64_370558be1a03d8288e0f17af53fb019576316cc4.cab

  • Microsoft Windows Server 2008 SP1 (x86), Microsoft Windows Server 2008 Enterprise Edition SP1 (x86), Microsoft Windows Server 2008 Standard Edition SP1 (x86), Microsoft Windows Server 2008 Datacenter Edition SP1 (x86), Microsoft Windows Server 2008 HPC Edition SP1 (x86), Microsoft Windows Server 2008 Web Edition SP1 (x86), Microsoft Windows Server 2008 Storage Edition SP1 (x86), Microsoft Windows Small Business Server 2008 SP1 (x86), Microsoft Windows Essential Business Server 2008 SP1 (x86)

    Download and install Microsoft patch Windows6.0-KB958687-x86.cab (216319 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2008/12/windows6.0-kb958687-x86_48df8df9513e517d7db0a4a75ed2b260c5b7acbf.cab

  • Microsoft Windows Vista < SP1 (x86), Microsoft Windows Vista Home, Basic Edition < SP1 (x86), Microsoft Windows Vista Home, Basic N Edition < SP1 (x86), Microsoft Windows Vista Home, Premium Edition < SP1 (x86), Microsoft Windows Vista Ultimate Edition < SP1 (x86), Microsoft Windows Vista Enterprise Edition < SP1 (x86), Microsoft Windows Vista Business Edition < SP1 (x86), Microsoft Windows Vista Business N Edition < SP1 (x86), Microsoft Windows Vista Starter Edition < SP1 (x86)

    Download and install Microsoft patch Windows6.0-KB958687-x86.cab (216319 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2008/12/windows6.0-kb958687-x86_48df8df9513e517d7db0a4a75ed2b260c5b7acbf.cab

  • Microsoft Windows Vista < SP1 (x86_64), Microsoft Windows Vista Home, Basic Edition < SP1 (x86_64), Microsoft Windows Vista Home, Basic N Edition < SP1 (x86_64), Microsoft Windows Vista Home, Premium Edition < SP1 (x86_64), Microsoft Windows Vista Ultimate Edition < SP1 (x86_64), Microsoft Windows Vista Enterprise Edition < SP1 (x86_64), Microsoft Windows Vista Business Edition < SP1 (x86_64), Microsoft Windows Vista Business N Edition < SP1 (x86_64), Microsoft Windows Vista Starter Edition < SP1 (x86_64)

    Download and install Microsoft patch Windows6.0-KB958687-x64.cab (352831 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2008/12/windows6.0-kb958687-x64_9403e23fd26952e2a4381732cddab933ea23318a.cab

3.1.4 MS10-012: Vulnerabilities in SMB Server Could Allow Remote Code Execution (windows-hotfix-ms10-012)

Description:

This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities.

Affected Nodes and Additional Information:

  • 192.168.56.103:139

    Running vulnerable CIFS service.

    Vulnerable OS: Microsoft Windows XP

    Based on the result of the "MS09-001: Vulnerabilities in SMB Could Allow Remote Code Execution" test, this node is vulnerable to this additional issue as well.

  • 192.168.56.103:445

    Running vulnerable CIFS service.

    Vulnerable OS: Microsoft Windows XP

    Based on the result of the "MS09-001: Vulnerabilities in SMB Could Allow Remote Code Execution" test, this node is vulnerable to this additional issue as well.

References:

Source     Reference
CERT       TA10-040A ( http://www.cert.org/advisories/TA10-040A.html )
CVE        CVE-2010-0020 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0020 )
CVE        CVE-2010-0021 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0021 )
CVE        CVE-2010-0022 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0022 )
CVE        CVE-2010-0231 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0231 )
MS         MS10-012 ( http://www.microsoft.com/technet/security/bulletin/MS10-012.mspx )
MSKB       971468 ( http://support.microsoft.com/default.aspx?scid=kb;EN-US;971468 )
OVAL       OVAL7751 ( http://oval.mitre.org/oval/definitions/data/OVAL7751.html )
OVAL       OVAL8314 ( http://oval.mitre.org/oval/definitions/data/OVAL8314.html )
OVAL       OVAL8438 ( http://oval.mitre.org/oval/definitions/data/OVAL8438.html )
OVAL       OVAL8524 ( http://oval.mitre.org/oval/definitions/data/OVAL8524.html )

Vulnerability Solution:

  • Microsoft Windows 2000 SP4 (x86), Microsoft Windows 2000 Professional SP4 (x86), Microsoft Windows 2000 Server SP4 (x86), Microsoft Windows 2000 Advanced Server SP4 (x86), Microsoft Windows 2000 Datacenter Server SP4 (x86)

    Download and install Microsoft patch Windows2000-KB971468-x86-ENU.EXE (621304 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windows2000-kb971468-x86-enu_d951943f14a5e6e52fbbbed11ae55882c685795c.exe

  • Microsoft Windows 7 < SP1 (x86_64), Microsoft Windows 7 Home, Basic Edition < SP1 (x86_64), Microsoft Windows 7 Home, Basic N Edition < SP1 (x86_64), Microsoft Windows 7 Home, Premium Edition < SP1 (x86_64), Microsoft Windows 7 Home, Premium N Edition < SP1 (x86_64), Microsoft Windows 7 Ultimate Edition < SP1 (x86_64), Microsoft Windows 7 Ultimate N Edition < SP1 (x86_64), Microsoft Windows 7 Enterprise Edition < SP1 (x86_64), Microsoft Windows 7 Enterprise N Edition < SP1 (x86_64), Microsoft Windows 7 Professional Edition < SP1 (x86_64), Microsoft Windows 7 Starter Edition < SP1 (x86_64), Microsoft Windows 7 Starter N Edition < SP1 (x86_64)

    Download and install Microsoft patch Windows6.1-KB971468-x64.cab (312331 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windows6.1-kb971468-x64_3a3cb2d4ce0f6bb55955bb8098a998b3f125ee49.cab ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windows6.1-kb971468-x64_3a3cb2d4ce0f6bb55955bb8098a998b3f125ee49.cab )

  • Microsoft Windows Server 2008 SP2 OR SP1 (ia64), Microsoft Windows Server 2008 Enterprise Edition SP2 OR SP1 (ia64), Microsoft Windows Server 2008 Standard Edition SP2 OR SP1 (ia64), Microsoft Windows Server 2008 Datacenter Edition SP2 OR SP1 (ia64), Microsoft Windows Server 2008 HPC Edition SP2 OR SP1 (ia64), Microsoft Windows Server 2008 Web Edition SP2 OR SP1 (ia64), Microsoft Windows Server 2008 Storage Edition SP2 OR SP1 (ia64), Microsoft Windows Small Business Server 2008 SP2 OR SP1 (ia64), Microsoft Windows Essential Business Server 2008 SP2 OR SP1 (ia64)

    Download and install Microsoft patch Windows6.0-KB971468-ia64.cab (625509 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windows6.0-kb971468-ia64_128eb8cad7194b012b81e9b1755bd35a3b46fab4.cab ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windows6.0-kb971468-ia64_128eb8cad7194b012b81e9b1755bd35a3b46fab4.cab )

  • Microsoft Windows Server 2003 SP2 (x86_64), Microsoft Windows Server 2003, Standard Edition SP2 (x86_64), Microsoft Windows Server 2003, Enterprise Edition SP2 (x86_64), Microsoft Windows Server 2003, Datacenter Edition SP2 (x86_64), Microsoft Windows Server 2003, Web Edition SP2 (x86_64), Microsoft Windows Small Business Server 2003 SP2 (x86_64)

    Download and install Microsoft patch WindowsServer2003.WindowsXP-KB971468-x64-ENU.exe (1026944 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windowsserver2003.windowsxp-kb971468-x64-enu_8ea00e574a923da8a3aa9205a07780ed0a8741fa.exe ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windowsserver2003.windowsxp-kb971468-x64-enu_8ea00e574a923da8a3aa9205a07780ed0a8741fa.exe )

  • Microsoft Windows Server 2008 R2 < SP1 (ia64), Microsoft Windows Server 2008 R2, Enterprise Edition < SP1 (ia64), Microsoft Windows Server 2008 R2, Standard Edition < SP1 (ia64), Microsoft Windows Server 2008 R2, Datacenter Edition < SP1 (ia64), Microsoft Windows Server 2008 R2, Web Edition < SP1 (ia64)

    Download and install Microsoft patch Windows6.1-KB971468-ia64.cab (580941 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windows6.1-kb971468-ia64_414bf40b7690407c9ec9586ac8de40ff824e53a9.cab ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windows6.1-kb971468-ia64_414bf40b7690407c9ec9586ac8de40ff824e53a9.cab )

  • Microsoft Windows Server 2008 R2 < SP1 (x86_64), Microsoft Windows Server 2008 R2, Enterprise Edition < SP1 (x86_64), Microsoft Windows Server 2008 R2, Standard Edition < SP1 (x86_64), Microsoft Windows Server 2008 R2, Datacenter Edition < SP1 (x86_64), Microsoft Windows Server 2008 R2, Web Edition < SP1 (x86_64)

    Download and install Microsoft patch Windows6.1-KB971468-x64.cab (312331 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windows6.1-kb971468-x64_3a3cb2d4ce0f6bb55955bb8098a998b3f125ee49.cab ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windows6.1-kb971468-x64_3a3cb2d4ce0f6bb55955bb8098a998b3f125ee49.cab )

  • Microsoft Windows Server 2003 SP2 (x86), Microsoft Windows Server 2003, Standard Edition SP2 (x86), Microsoft Windows Server 2003, Enterprise Edition SP2 (x86), Microsoft Windows Server 2003, Datacenter Edition SP2 (x86), Microsoft Windows Server 2003, Web Edition SP2 (x86), Microsoft Windows Small Business Server 2003 SP2 (x86)

    Download and install Microsoft patch WindowsServer2003-KB971468-x86-ENU.exe (681856 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windowsserver2003-kb971468-x86-enu_b6dcb60d113c4affd98b5bae0dfd1f5a785ae64d.exe ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windowsserver2003-kb971468-x86-enu_b6dcb60d113c4affd98b5bae0dfd1f5a785ae64d.exe )

  • Microsoft Windows Server 2003 SP2 (ia64), Microsoft Windows Server 2003, Standard Edition SP2 (ia64), Microsoft Windows Server 2003, Enterprise Edition SP2 (ia64), Microsoft Windows Server 2003, Datacenter Edition SP2 (ia64), Microsoft Windows Server 2003, Web Edition SP2 (ia64), Microsoft Windows Small Business Server 2003 SP2 (ia64)

    Download and install Microsoft patch WindowsServer2003-KB971468-ia64-ENU.exe (1589632 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windowsserver2003-kb971468-ia64-enu_faece6ff07ec2a029b74f49a959f1510eb38f3e7.exe ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windowsserver2003-kb971468-ia64-enu_faece6ff07ec2a029b74f49a959f1510eb38f3e7.exe )

  • Microsoft Windows 7 < SP1 (x86), Microsoft Windows 7 Home, Basic Edition < SP1 (x86), Microsoft Windows 7 Home, Basic N Edition < SP1 (x86), Microsoft Windows 7 Home, Premium Edition < SP1 (x86), Microsoft Windows 7 Home, Premium N Edition < SP1 (x86), Microsoft Windows 7 Ultimate Edition < SP1 (x86), Microsoft Windows 7 Ultimate N Edition < SP1 (x86), Microsoft Windows 7 Enterprise Edition < SP1 (x86), Microsoft Windows 7 Enterprise N Edition < SP1 (x86), Microsoft Windows 7 Professional Edition < SP1 (x86), Microsoft Windows 7 Starter Edition < SP1 (x86), Microsoft Windows 7 Starter N Edition < SP1 (x86)

    Download and install Microsoft patch Windows6.1-KB971468-x86.cab (224255 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windows6.1-kb971468-x86_79bba3989c41d43fce69d5d04709f061c3c6f5f5.cab ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windows6.1-kb971468-x86_79bba3989c41d43fce69d5d04709f061c3c6f5f5.cab )

  • Microsoft Windows XP Professional SP3 OR SP2 (x86), Microsoft Windows XP Home SP3 OR SP2 (x86)

    Download and install Microsoft patch WindowsXP-KB971468-x86-ENU.exe (664952 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windowsxp-kb971468-x86-enu_68d7899c8b8462219daf40f02c6fb9f362b1ee6b.exe ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windowsxp-kb971468-x86-enu_68d7899c8b8462219daf40f02c6fb9f362b1ee6b.exe )

  • Microsoft Windows Vista SP2 OR < SP1 OR SP1 (x86), Microsoft Windows Vista Home, Basic Edition SP2 OR < SP1 OR SP1 (x86), Microsoft Windows Vista Home, Basic N Edition SP2 OR < SP1 OR SP1 (x86), Microsoft Windows Vista Home, Premium Edition SP2 OR < SP1 OR SP1 (x86), Microsoft Windows Vista Ultimate Edition SP2 OR < SP1 OR SP1 (x86), Microsoft Windows Vista Enterprise Edition SP2 OR < SP1 OR SP1 (x86), Microsoft Windows Vista Business Edition SP2 OR < SP1 OR SP1 (x86), Microsoft Windows Vista Business N Edition SP2 OR < SP1 OR SP1 (x86), Microsoft Windows Vista Starter Edition SP2 OR < SP1 OR SP1 (x86)

    Download and install Microsoft patch Windows6.0-KB971468-x86.cab (319207 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windows6.0-kb971468-x86_673ca9ff1fae6a26038f2e8764d07033c451de06.cab ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windows6.0-kb971468-x86_673ca9ff1fae6a26038f2e8764d07033c451de06.cab )

  • Microsoft Windows Server 2008 SP2 OR SP1 (x86_64), Microsoft Windows Server 2008 Enterprise Edition SP2 OR SP1 (x86_64), Microsoft Windows Server 2008 Standard Edition SP2 OR SP1 (x86_64), Microsoft Windows Server 2008 Datacenter Edition SP2 OR SP1 (x86_64), Microsoft Windows Server 2008 HPC Edition SP2 OR SP1 (x86_64), Microsoft Windows Server 2008 Web Edition SP2 OR SP1 (x86_64), Microsoft Windows Server 2008 Storage Edition SP2 OR SP1 (x86_64), Microsoft Windows Small Business Server 2008 SP2 OR SP1 (x86_64), Microsoft Windows Essential Business Server 2008 SP2 OR SP1 (x86_64)

    Download and install Microsoft patch Windows6.0-KB971468-x64.cab (595103 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windows6.0-kb971468-x64_b33a54f7e4f6f3f8664b5f240ab148f770a28660.cab ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windows6.0-kb971468-x64_b33a54f7e4f6f3f8664b5f240ab148f770a28660.cab )

  • Microsoft Windows XP Professional SP2 (x86_64)

    Download and install Microsoft patch WindowsServer2003.WindowsXP-KB971468-x64-ENU.exe (1026944 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windowsserver2003.windowsxp-kb971468-x64-enu_8ea00e574a923da8a3aa9205a07780ed0a8741fa.exe ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windowsserver2003.windowsxp-kb971468-x64-enu_8ea00e574a923da8a3aa9205a07780ed0a8741fa.exe )

  • Microsoft Windows Server 2008 SP2 OR SP1 (x86), Microsoft Windows Server 2008 Enterprise Edition SP2 OR SP1 (x86), Microsoft Windows Server 2008 Standard Edition SP2 OR SP1 (x86), Microsoft Windows Server 2008 Datacenter Edition SP2 OR SP1 (x86), Microsoft Windows Server 2008 HPC Edition SP2 OR SP1 (x86), Microsoft Windows Server 2008 Web Edition SP2 OR SP1 (x86), Microsoft Windows Server 2008 Storage Edition SP2 OR SP1 (x86), Microsoft Windows Small Business Server 2008 SP2 OR SP1 (x86), Microsoft Windows Essential Business Server 2008 SP2 OR SP1 (x86)

    Download and install Microsoft patch Windows6.0-KB971468-x86.cab (319207 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windows6.0-kb971468-x86_673ca9ff1fae6a26038f2e8764d07033c451de06.cab ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windows6.0-kb971468-x86_673ca9ff1fae6a26038f2e8764d07033c451de06.cab )

  • Microsoft Windows Vista SP2 OR < SP1 OR SP1 (x86_64), Microsoft Windows Vista Home, Basic Edition SP2 OR < SP1 OR SP1 (x86_64), Microsoft Windows Vista Home, Basic N Edition SP2 OR < SP1 OR SP1 (x86_64), Microsoft Windows Vista Home, Premium Edition SP2 OR < SP1 OR SP1 (x86_64), Microsoft Windows Vista Ultimate Edition SP2 OR < SP1 OR SP1 (x86_64), Microsoft Windows Vista Enterprise Edition SP2 OR < SP1 OR SP1 (x86_64), Microsoft Windows Vista Business Edition SP2 OR < SP1 OR SP1 (x86_64), Microsoft Windows Vista Business N Edition SP2 OR < SP1 OR SP1 (x86_64), Microsoft Windows Vista Starter Edition SP2 OR < SP1 OR SP1 (x86_64)

    Download and install Microsoft patch Windows6.0-KB971468-x64.cab (595103 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windows6.0-kb971468-x64_b33a54f7e4f6f3f8664b5f240ab148f770a28660.cab ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/01/windows6.0-kb971468-x64_b33a54f7e4f6f3f8664b5f240ab148f770a28660.cab )

3.1.5 MS10-054: Vulnerabilities in SMB Server Could Allow Remote Code Execution (windows-hotfix-ms10-054)

Description:

This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities.

Affected Nodes:

  • 192.168.56.103:139

    Additional Information: Running vulnerable CIFS service. Vulnerable OS: Microsoft Windows XP. Based on the result of the "MS09-001: Vulnerabilities in SMB Could Allow Remote Code Execution" test, this node is vulnerable to this additional issue as well.

  • 192.168.56.103:445

    Additional Information: Running vulnerable CIFS service. Vulnerable OS: Microsoft Windows XP. Based on the result of the "MS09-001: Vulnerabilities in SMB Could Allow Remote Code Execution" test, this node is vulnerable to this additional issue as well.

References (Source: Reference):

  • CERT: TA10-222A ( http://www.cert.org/advisories/TA10-222A.html )

  • CVE: CVE-2010-2550 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2550 )

  • CVE: CVE-2010-2551 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2551 )

  • CVE: CVE-2010-2552 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2552 )

  • MS: MS10-054 ( http://www.microsoft.com/technet/security/bulletin/MS10-054.mspx )

  • MSKB: 982214 ( http://support.microsoft.com/default.aspx?scid=kb;EN-US;982214 )

  • OVAL: OVAL11106 ( http://oval.mitre.org/oval/definitions/data/OVAL11106.html )

  • OVAL: OVAL12015 ( http://oval.mitre.org/oval/definitions/data/OVAL12015.html )

  • OVAL: OVAL12072 ( http://oval.mitre.org/oval/definitions/data/OVAL12072.html )

Vulnerability Solution:

  • Microsoft Windows Server 2003, Datacenter Edition SP2 (ia64), Microsoft Windows Server 2003 SP2 (ia64), Microsoft Windows Server 2003, Standard Edition SP2 (ia64), Microsoft Windows Server 2003, Enterprise Edition SP2 (ia64), Microsoft Windows Server 2003, Web Edition SP2 (ia64), Microsoft Windows Small Business Server 2003 SP2 (ia64)

    Download and install Microsoft patch windowsserver2003-kb982214-ia64-enu.exe (1592192 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windowsserver2003-kb982214-ia64-enu_d986a271296ea77588377f911eb9e9f47c5c65cd.exe ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windowsserver2003-kb982214-ia64-enu_d986a271296ea77588377f911eb9e9f47c5c65cd.exe )

  • Microsoft Windows Server 2003, Datacenter Edition SP2 (x86_64), Microsoft Windows Server 2003 SP2 (x86_64), Microsoft Windows Server 2003, Standard Edition SP2 (x86_64), Microsoft Windows Server 2003, Enterprise Edition SP2 (x86_64), Microsoft Windows Server 2003, Web Edition SP2 (x86_64), Microsoft Windows Small Business Server 2003 SP2 (x86_64)

    Download and install Microsoft patch windowsserver2003.windowsxp-kb982214-x64-enu.exe (1027968 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windowsserver2003.windowsxp-kb982214-x64-enu_3780ab4068c4715ca93c4d5e4d9d4dbf9bbb6bc3.exe ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windowsserver2003.windowsxp-kb982214-x64-enu_3780ab4068c4715ca93c4d5e4d9d4dbf9bbb6bc3.exe )

  • Microsoft Windows Server 2003, Datacenter Edition SP2 (x86), Microsoft Windows Server 2003 SP2 (x86), Microsoft Windows Server 2003, Standard Edition SP2 (x86), Microsoft Windows Server 2003, Enterprise Edition SP2 (x86), Microsoft Windows Server 2003, Web Edition SP2 (x86), Microsoft Windows Small Business Server 2003 SP2 (x86)

    Download and install Microsoft patch windowsserver2003-kb982214-x86-enu.exe (682880 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windowsserver2003-kb982214-x86-enu_40e37ace02116c2baf27c14c7e3d1883887707e6.exe ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windowsserver2003-kb982214-x86-enu_40e37ace02116c2baf27c14c7e3d1883887707e6.exe )

  • Microsoft Windows Server 2008 R2 < SP1 (ia64), Microsoft Windows Server 2008 R2, Enterprise Edition < SP1 (ia64), Microsoft Windows Server 2008 R2, Standard Edition < SP1 (ia64), Microsoft Windows Server 2008 R2, Datacenter Edition < SP1 (ia64), Microsoft Windows Server 2008 R2, Web Edition < SP1 (ia64)

    Download and install Microsoft patch windows6.1-kb982214-ia64.cab (874695 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windows6.1-kb982214-ia64_4e43dff8c379c89082305f797ad47c973fb24669.cab ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windows6.1-kb982214-ia64_4e43dff8c379c89082305f797ad47c973fb24669.cab )

  • Microsoft Windows 7 < SP1 (x86_64), Microsoft Windows 7 Home, Basic Edition < SP1 (x86_64), Microsoft Windows 7 Home, Basic N Edition < SP1 (x86_64), Microsoft Windows 7 Home, Premium Edition < SP1 (x86_64), Microsoft Windows 7 Home, Premium N Edition < SP1 (x86_64), Microsoft Windows 7 Ultimate Edition < SP1 (x86_64), Microsoft Windows 7 Ultimate N Edition < SP1 (x86_64), Microsoft Windows 7 Enterprise Edition < SP1 (x86_64), Microsoft Windows 7 Enterprise N Edition < SP1 (x86_64), Microsoft Windows 7 Professional Edition < SP1 (x86_64), Microsoft Windows 7 Starter Edition < SP1 (x86_64), Microsoft Windows 7 Starter N Edition < SP1 (x86_64)

    Download and install Microsoft patch windows6.1-kb982214-x64.cab (472691 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windows6.1-kb982214-x64_5e0e4bbc550c76a3f19bd8a62946e34a709e77ba.cab ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windows6.1-kb982214-x64_5e0e4bbc550c76a3f19bd8a62946e34a709e77ba.cab )

  • Microsoft Windows Server 2008 R2 < SP1 (x86_64), Microsoft Windows Server 2008 R2, Enterprise Edition < SP1 (x86_64), Microsoft Windows Server 2008 R2, Standard Edition < SP1 (x86_64), Microsoft Windows Server 2008 R2, Datacenter Edition < SP1 (x86_64), Microsoft Windows Server 2008 R2, Web Edition < SP1 (x86_64)

    Download and install Microsoft patch windows6.1-kb982214-x64.cab (472691 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windows6.1-kb982214-x64_5e0e4bbc550c76a3f19bd8a62946e34a709e77ba.cab ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windows6.1-kb982214-x64_5e0e4bbc550c76a3f19bd8a62946e34a709e77ba.cab )

  • Microsoft Windows 7 < SP1 (x86), Microsoft Windows 7 Home, Basic Edition < SP1 (x86), Microsoft Windows 7 Home, Basic N Edition < SP1 (x86), Microsoft Windows 7 Home, Premium Edition < SP1 (x86), Microsoft Windows 7 Home, Premium N Edition < SP1 (x86), Microsoft Windows 7 Ultimate Edition < SP1 (x86), Microsoft Windows 7 Ultimate N Edition < SP1 (x86), Microsoft Windows 7 Enterprise Edition < SP1 (x86), Microsoft Windows 7 Enterprise N Edition < SP1 (x86), Microsoft Windows 7 Professional Edition < SP1 (x86), Microsoft Windows 7 Starter Edition < SP1 (x86), Microsoft Windows 7 Starter N Edition < SP1 (x86)

    Download and install Microsoft patch windows6.1-kb982214-x86.cab (327665 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windows6.1-kb982214-x86_64510c7e538a829499509d65018ae2c4894b8238.cab ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windows6.1-kb982214-x86_64510c7e538a829499509d65018ae2c4894b8238.cab )

  • Microsoft Windows XP Professional SP3 (x86), Microsoft Windows XP Home SP3 (x86)

    Download and install Microsoft patch windowsxp-kb982214-x86-enu.exe (661368 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windowsxp-kb982214-x86-enu_a24853f682dad3157da4e4a39372951a8ec1e407.exe ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windowsxp-kb982214-x86-enu_a24853f682dad3157da4e4a39372951a8ec1e407.exe )

  • Microsoft Windows XP Professional SP2 (x86_64)

    Download and install Microsoft patch windowsserver2003.windowsxp-kb982214-x64-enu.exe (1027968 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windowsserver2003.windowsxp-kb982214-x64-enu_3780ab4068c4715ca93c4d5e4d9d4dbf9bbb6bc3.exe ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windowsserver2003.windowsxp-kb982214-x64-enu_3780ab4068c4715ca93c4d5e4d9d4dbf9bbb6bc3.exe )

  • Microsoft Windows Server 2008 SP2 OR SP1 (x86), Microsoft Windows Server 2008 Enterprise Edition SP2 OR SP1 (x86), Microsoft Windows Server 2008 Standard Edition SP2 OR SP1 (x86), Microsoft Windows Server 2008 Datacenter Edition SP2 OR SP1 (x86), Microsoft Windows Server 2008 HPC Edition SP2 OR SP1 (x86), Microsoft Windows Server 2008 Web Edition SP2 OR SP1 (x86), Microsoft Windows Server 2008 Storage Edition SP2 OR SP1 (x86), Microsoft Windows Small Business Server 2008 SP2 OR SP1 (x86), Microsoft Windows Essential Business Server 2008 SP2 OR SP1 (x86)

    Download and install Microsoft patch windows6.0-kb982214-x86.cab (325694 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windows6.0-kb982214-x86_50d77476159fef060a2470a0f66e7e8ecb9808ea.cab ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windows6.0-kb982214-x86_50d77476159fef060a2470a0f66e7e8ecb9808ea.cab )

  • Microsoft Windows Vista SP2 OR SP1 (x86_64), Microsoft Windows Vista Home, Basic Edition SP2 OR SP1 (x86_64), Microsoft Windows Vista Home, Basic N Edition SP2 OR SP1 (x86_64), Microsoft Windows Vista Home, Premium Edition SP2 OR SP1 (x86_64), Microsoft Windows Vista Ultimate Edition SP2 OR SP1 (x86_64), Microsoft Windows Vista Enterprise Edition SP2 OR SP1 (x86_64), Microsoft Windows Vista Business Edition SP2 OR SP1 (x86_64), Microsoft Windows Vista Business N Edition SP2 OR SP1 (x86_64), Microsoft Windows Vista Starter Edition SP2 OR SP1 (x86_64)

    Download and install Microsoft patch windows6.0-kb982214-x64.cab (526660 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windows6.0-kb982214-x64_d01b09bc4ccbae1f654548187a07776c1cc6ac2c.cab ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windows6.0-kb982214-x64_d01b09bc4ccbae1f654548187a07776c1cc6ac2c.cab )

  • Microsoft Windows Vista SP2 OR SP1 (x86), Microsoft Windows Vista Home, Basic Edition SP2 OR SP1 (x86), Microsoft Windows Vista Home, Basic N Edition SP2 OR SP1 (x86), Microsoft Windows Vista Home, Premium Edition SP2 OR SP1 (x86), Microsoft Windows Vista Ultimate Edition SP2 OR SP1 (x86), Microsoft Windows Vista Enterprise Edition SP2 OR SP1 (x86), Microsoft Windows Vista Business Edition SP2 OR SP1 (x86), Microsoft Windows Vista Business N Edition SP2 OR SP1 (x86), Microsoft Windows Vista Starter Edition SP2 OR SP1 (x86)

    Download and install Microsoft patch windows6.0-kb982214-x86.cab (325694 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windows6.0-kb982214-x86_50d77476159fef060a2470a0f66e7e8ecb9808ea.cab ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windows6.0-kb982214-x86_50d77476159fef060a2470a0f66e7e8ecb9808ea.cab )

  • Microsoft Windows Server 2008 SP2 OR SP1 (x86_64), Microsoft Windows Server 2008 Enterprise Edition SP2 OR SP1 (x86_64), Microsoft Windows Server 2008 Standard Edition SP2 OR SP1 (x86_64), Microsoft Windows Server 2008 Datacenter Edition SP2 OR SP1 (x86_64), Microsoft Windows Server 2008 HPC Edition SP2 OR SP1 (x86_64), Microsoft Windows Server 2008 Web Edition SP2 OR SP1 (x86_64), Microsoft Windows Server 2008 Storage Edition SP2 OR SP1 (x86_64), Microsoft Windows Small Business Server 2008 SP2 OR SP1 (x86_64), Microsoft Windows Essential Business Server 2008 SP2 OR SP1 (x86_64)

    Download and install Microsoft patch windows6.0-kb982214-x64.cab (526660 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windows6.0-kb982214-x64_d01b09bc4ccbae1f654548187a07776c1cc6ac2c.cab ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windows6.0-kb982214-x64_d01b09bc4ccbae1f654548187a07776c1cc6ac2c.cab )

  • Microsoft Windows Server 2008 SP2 OR SP1 (ia64), Microsoft Windows Server 2008 Enterprise Edition SP2 OR SP1 (ia64), Microsoft Windows Server 2008 Standard Edition SP2 OR SP1 (ia64), Microsoft Windows Server 2008 Datacenter Edition SP2 OR SP1 (ia64), Microsoft Windows Server 2008 HPC Edition SP2 OR SP1 (ia64), Microsoft Windows Server 2008 Web Edition SP2 OR SP1 (ia64), Microsoft Windows Server 2008 Storage Edition SP2 OR SP1 (ia64), Microsoft Windows Small Business Server 2008 SP2 OR SP1 (ia64), Microsoft Windows Essential Business Server 2008 SP2 OR SP1 (ia64)

    Download and install Microsoft patch windows6.0-kb982214-ia64.cab (828775 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windows6.0-kb982214-ia64_16915a0396cce04aa40749c46917fc1bc5c8fa33.cab ( http://download.windowsupdate.com/msdownload/update/software/secu/2010/07/windows6.0-kb982214-ia64_16915a0396cce04aa40749c46917fc1bc5c8fa33.cab )

3.1.6 MS11-020: Vulnerability in SMB Server Could Allow Remote Code Execution (windows-hotfix-ms11-020)

Description:

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities.

Affected Nodes:

  • 192.168.56.103:139

    Additional Information: Running vulnerable CIFS service. Vulnerable OS: Microsoft Windows XP. Based on the result of the "MS09-001: Vulnerabilities in SMB Could Allow Remote Code Execution" test, this node is vulnerable to this additional issue as well.

  • 192.168.56.103:445

    Additional Information: Running vulnerable CIFS service. Vulnerable OS: Microsoft Windows XP. Based on the result of the "MS09-001: Vulnerabilities in SMB Could Allow Remote Code Execution" test, this node is vulnerable to this additional issue as well.

References (Source: Reference):

  • BID: 47198 ( http://www.securityfocus.com/bid/47198 )

  • CVE: CVE-2011-0661 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0661 )

  • MS: MS11-020 ( http://www.microsoft.com/technet/security/bulletin/MS11-020.mspx )

  • MSKB: 2508429 ( http://support.microsoft.com/default.aspx?scid=kb;EN-US;2508429 )

  • OSVDB: 71781 ( http://www.osvdb.org/displayvuln.php?osvdb_id=71781 )

  • OVAL: OVAL12076 ( http://oval.mitre.org/oval/definitions/data/OVAL12076.html )

  • SECUNIA: 44072 ( http://secunia.com/advisories/44072/ )

Vulnerability Solution:

  • Microsoft Windows Server 2003, Datacenter Edition SP2 (ia64), Microsoft Windows Server 2003 SP2 (ia64), Microsoft Windows Server 2003, Standard Edition SP2 (ia64), Microsoft Windows Server 2003, Enterprise Edition SP2 (ia64), Microsoft Windows Server 2003, Web Edition SP2 (ia64), Microsoft Windows Small Business Server 2003 SP2 (ia64)

    Download and install Microsoft patch windowsserver2003-kb2508429-ia64-enu.exe (1594752 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2011/03/windowsserver2003-kb2508429-ia64-enu_faf3379e9a02880b55216401f0a17a55be2828ff.exe ( http://download.windowsupdate.com/msdownload/update/software/secu/2011/03/windowsserver2003-kb2508429-ia64-enu_faf3379e9a02880b55216401f0a17a55be2828ff.exe )

  • Microsoft Windows 7 SP1 OR < SP1 (x86), Microsoft Windows 7 Home, Basic Edition SP1 OR < SP1 (x86), Microsoft Windows 7 Home, Basic N Edition SP1 OR < SP1 (x86), Microsoft Windows 7 Home, Premium Edition SP1 OR < SP1 (x86), Microsoft Windows 7 Home, Premium N Edition SP1 OR < SP1 (x86), Microsoft Windows 7 Ultimate Edition SP1 OR < SP1 (x86), Microsoft Windows 7 Ultimate N Edition SP1 OR < SP1 (x86), Microsoft Windows 7 Enterprise Edition SP1 OR < SP1 (x86), Microsoft Windows 7 Enterprise N Edition SP1 OR < SP1 (x86), Microsoft Windows 7 Professional Edition SP1 OR < SP1 (x86), Microsoft Windows 7 Starter Edition SP1 OR < SP1 (x86), Microsoft Windows 7 Starter N Edition SP1 OR < SP1 (x86)

    Download and install Microsoft patch windows6.1-kb2508429-x86.cab (356305 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2011/03/windows6.1-kb2508429-x86_f2be12aa3f8a2ced67f0775ebe49ac2ae83eed4e.cab ( http://download.windowsupdate.com/msdownload/update/software/secu/2011/03/windows6.1-kb2508429-x86_f2be12aa3f8a2ced67f0775ebe49ac2ae83eed4e.cab )

  • Microsoft Windows Server 2008 SP2 OR SP1 (x86), Microsoft Windows Server 2008 Enterprise Edition SP2 OR SP1 (x86), Microsoft Windows Server 2008 Standard Edition SP2 OR SP1 (x86), Microsoft Windows Server 2008 Datacenter Edition SP2 OR SP1 (x86), Microsoft Windows Server 2008 HPC Edition SP2 OR SP1 (x86), Microsoft Windows Server 2008 Web Edition SP2 OR SP1 (x86), Microsoft Windows Server 2008 Storage Edition SP2 OR SP1 (x86), Microsoft Windows Small Business Server 2008 SP2 OR SP1 (x86), Microsoft Windows Essential Business Server 2008 SP2 OR SP1 (x86)

    Download and install Microsoft patch windows6.0-kb2508429-x86.cab (332927 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2011/03/windows6.0-kb2508429-x86_2e7adf8e8e545432372edbd59952a925fb7a69da.cab ( http://download.windowsupdate.com/msdownload/update/software/secu/2011/03/windows6.0-kb2508429-x86_2e7adf8e8e545432372edbd59952a925fb7a69da.cab )

  • Microsoft Windows Server 2008 R2 SP1 OR < SP1 (ia64), Microsoft Windows Server 2008 R2, Enterprise Edition SP1 OR < SP1 (ia64), Microsoft Windows Server 2008 R2, Standard Edition SP1 OR < SP1 (ia64), Microsoft Windows Server 2008 R2, Datacenter Edition SP1 OR < SP1 (ia64), Microsoft Windows Server 2008 R2, Web Edition SP1 OR < SP1 (ia64)

    Download and install Microsoft patch windows6.1-kb2508429-ia64.cab (944649 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2011/03/windows6.1-kb2508429-ia64_608095e0f23a03b2ad13993d669e24d7c2085c82.cab ( http://download.windowsupdate.com/msdownload/update/software/secu/2011/03/windows6.1-kb2508429-ia64_608095e0f23a03b2ad13993d669e24d7c2085c82.cab )

  • Microsoft Windows Server 2003, Datacenter Edition SP2 (x86_64), Microsoft Windows Server 2003 SP2 (x86_64), Microsoft Windows Server 2003, Standard Edition SP2 (x86_64), Microsoft Windows Server 2003, Enterprise Edition SP2 (x86_64), Microsoft Windows Server 2003, Web Edition SP2 (x86_64), Microsoft Windows Small Business Server 2003 SP2 (x86_64)

    Download and install Microsoft patch windowsserver2003.windowsxp-kb2508429-x64-enu.exe (1044864 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2011/03/windowsserver2003.windowsxp-kb2508429-x64-enu_a1ab44f33a891a3fdff7273ad240f35d5af7ce99.exe ( http://download.windowsupdate.com/msdownload/update/software/secu/2011/03/windowsserver2003.windowsxp-kb2508429-x64-enu_a1ab44f33a891a3fdff7273ad240f35d5af7ce99.exe )

  • Microsoft Windows Server 2008 R2 SP1 OR < SP1 (x86_64), Microsoft Windows Server 2008 R2, Enterprise Edition SP1 OR < SP1 (x86_64), Microsoft Windows Server 2008 R2, Standard Edition SP1 OR < SP1 (x86_64), Microsoft Windows Server 2008 R2, Datacenter Edition SP1 OR < SP1 (x86_64), Microsoft Windows Server 2008 R2, Web Edition SP1 OR < SP1 (x86_64)

    Download and install Microsoft patch windows6.1-kb2508429-x64.cab (603705 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2011/03/windows6.1-kb2508429-x64_4728219cedc4a3c80dfb7e46106f48dc766a45cf.cab

  • Microsoft Windows Vista SP2 OR SP1 (x86_64), Microsoft Windows Vista Home, Basic Edition SP2 OR SP1 (x86_64), Microsoft Windows Vista Home, Basic N Edition SP2 OR SP1 (x86_64), Microsoft Windows Vista Home, Premium Edition SP2 OR SP1 (x86_64), Microsoft Windows Vista Ultimate Edition SP2 OR SP1 (x86_64), Microsoft Windows Vista Enterprise Edition SP2 OR SP1 (x86_64), Microsoft Windows Vista Business Edition SP2 OR SP1 (x86_64), Microsoft Windows Vista Business N Edition SP2 OR SP1 (x86_64), Microsoft Windows Vista Starter Edition SP2 OR SP1 (x86_64)

    Download and install Microsoft patch windows6.0-kb2508429-x64.cab (548015 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2011/03/windows6.0-kb2508429-x64_3699754fcaac488ea60cd1886b6929f9610f7a0e.cab

  • Microsoft Windows Server 2003, Datacenter Edition SP2 (x86), Microsoft Windows Server 2003 SP2 (x86), Microsoft Windows Server 2003, Standard Edition SP2 (x86), Microsoft Windows Server 2003, Enterprise Edition SP2 (x86), Microsoft Windows Server 2003, Web Edition SP2 (x86), Microsoft Windows Small Business Server 2003 SP2 (x86)

    Download and install Microsoft patch windowsserver2003-kb2508429-x86-enu.exe (693120 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2011/03/windowsserver2003-kb2508429-x86-enu_1d4ff4ef7163f06d580e7fbc94cc222bafd0733f.exe

  • Microsoft Windows XP Professional SP2 (x86_64)

    Download and install Microsoft patch windowsserver2003.windowsxp-kb2508429-x64-enu.exe (1044864 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2011/03/windowsserver2003.windowsxp-kb2508429-x64-enu_a1ab44f33a891a3fdff7273ad240f35d5af7ce99.exe

  • Microsoft Windows XP Professional SP3 (x86), Microsoft Windows XP Home SP3 (x86)

    Download and install Microsoft patch windowsxp-kb2508429-x86-enu.exe (664960 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2011/03/windowsxp-kb2508429-x86-enu_e0b40d81f2ecc1bad43439a6bd0a9e2a0ab7dd56.exe

  • Microsoft Windows 7 SP1 OR < SP1 (x86_64), Microsoft Windows 7 Home, Basic Edition SP1 OR < SP1 (x86_64), Microsoft Windows 7 Home, Basic N Edition SP1 OR < SP1 (x86_64), Microsoft Windows 7 Home, Premium Edition SP1 OR < SP1 (x86_64), Microsoft Windows 7 Home, Premium N Edition SP1 OR < SP1 (x86_64), Microsoft Windows 7 Ultimate Edition SP1 OR < SP1 (x86_64), Microsoft Windows 7 Ultimate N Edition SP1 OR < SP1 (x86_64), Microsoft Windows 7 Enterprise Edition SP1 OR < SP1 (x86_64), Microsoft Windows 7 Enterprise N Edition SP1 OR < SP1 (x86_64), Microsoft Windows 7 Professional Edition SP1 OR < SP1 (x86_64), Microsoft Windows 7 Starter Edition SP1 OR < SP1 (x86_64), Microsoft Windows 7 Starter N Edition SP1 OR < SP1 (x86_64)

    Download and install Microsoft patch windows6.1-kb2508429-x64.cab (603705 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2011/03/windows6.1-kb2508429-x64_4728219cedc4a3c80dfb7e46106f48dc766a45cf.cab

  • Microsoft Windows Server 2008 SP2 OR SP1 (x86_64), Microsoft Windows Server 2008 Enterprise Edition SP2 OR SP1 (x86_64), Microsoft Windows Server 2008 Standard Edition SP2 OR SP1 (x86_64), Microsoft Windows Server 2008 Datacenter Edition SP2 OR SP1 (x86_64), Microsoft Windows Server 2008 HPC Edition SP2 OR SP1 (x86_64), Microsoft Windows Server 2008 Web Edition SP2 OR SP1 (x86_64), Microsoft Windows Server 2008 Storage Edition SP2 OR SP1 (x86_64), Microsoft Windows Small Business Server 2008 SP2 OR SP1 (x86_64), Microsoft Windows Essential Business Server 2008 SP2 OR SP1 (x86_64)

    Download and install Microsoft patch windows6.0-kb2508429-x64.cab (548015 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2011/03/windows6.0-kb2508429-x64_3699754fcaac488ea60cd1886b6929f9610f7a0e.cab

  • Microsoft Windows Server 2008 SP2 OR SP1 (ia64), Microsoft Windows Server 2008 Enterprise Edition SP2 OR SP1 (ia64), Microsoft Windows Server 2008 Standard Edition SP2 OR SP1 (ia64), Microsoft Windows Server 2008 Datacenter Edition SP2 OR SP1 (ia64), Microsoft Windows Server 2008 HPC Edition SP2 OR SP1 (ia64), Microsoft Windows Server 2008 Web Edition SP2 OR SP1 (ia64), Microsoft Windows Server 2008 Storage Edition SP2 OR SP1 (ia64), Microsoft Windows Small Business Server 2008 SP2 OR SP1 (ia64), Microsoft Windows Essential Business Server 2008 SP2 OR SP1 (ia64)

    Download and install Microsoft patch windows6.0-kb2508429-ia64.cab (846931 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2011/03/windows6.0-kb2508429-ia64_d97ec35684c8c68a36fab50beea83b8b974aa4a2.cab

  • Microsoft Windows Vista SP2 OR SP1 (x86), Microsoft Windows Vista Home, Basic Edition SP2 OR SP1 (x86), Microsoft Windows Vista Home, Basic N Edition SP2 OR SP1 (x86), Microsoft Windows Vista Home, Premium Edition SP2 OR SP1 (x86), Microsoft Windows Vista Ultimate Edition SP2 OR SP1 (x86), Microsoft Windows Vista Enterprise Edition SP2 OR SP1 (x86), Microsoft Windows Vista Business Edition SP2 OR SP1 (x86), Microsoft Windows Vista Business N Edition SP2 OR SP1 (x86), Microsoft Windows Vista Starter Edition SP2 OR SP1 (x86)

    Download and install Microsoft patch windows6.0-kb2508429-x86.cab (332927 bytes)

    Download and apply the patch from: http://download.windowsupdate.com/msdownload/update/software/secu/2011/03/windows6.0-kb2508429-x86_2e7adf8e8e545432372edbd59952a925fb7a69da.cab

3.1.7 CIFS NULL Session Permitted (cifs-nt-0001)

Description:

NULL sessions allow anonymous users to establish unauthenticated CIFS sessions with Windows or third-party CIFS implementations such as Samba ( http://www.samba.org ) or the Solaris CIFS Server ( http://www.opensolaris.org/os/project/cifs-server/ ) . These anonymous users may be able to enumerate local users, groups, servers, shares, domains, domain policies, and may be able to access various MSRPC services through RPC function calls. These services have been historically affected by numerous vulnerabilities. The wealth of information available to attackers through NULL sessions may also allow them to carry out more sophisticated attacks.

Affected Nodes:

| Affected Nodes | Additional Information |
|---|---|
| 192.168.56.103 | Found server name: WINXPVBOX |

References:

| Source | Reference |
|---|---|
| CVE | CVE-1999-0519 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0519 ) |
| MSKB | 143474 ( http://support.microsoft.com/default.aspx?scid=kb;EN-US;143474 ) |
| URL | http://www.hsc.fr/ressources/presentations/null_sessions/ |

Vulnerability Solution:

  • Microsoft Windows 2003, Microsoft Windows Server 2003, Standard Edition, Microsoft Windows Server 2003, Enterprise Edition, Microsoft Windows Server 2003, Datacenter Edition, Microsoft Windows Server 2003, Web Edition, Microsoft Windows Small Business Server 2003

    Disable NULL sessions

    Modify the registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\

    with the following values:

          Value Name: RestrictAnonymous
          Data Type: REG_DWORD
          Data Value: 1

          Value Name: RestrictAnonymousSAM
          Data Type: REG_DWORD
          Data Value: 1

          Value Name: EveryoneIncludesAnonymous
          Data Type: REG_DWORD
          Data Value: 0

    and set the following value to 0 (or, alternatively, delete it):

          Value Name: TurnOffAnonymousBlock
          Data Type: REG_DWORD
          Data Value: 0

    Modify the registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\

    with the following values:

          Value Name: RestrictNullSessAccess
          Data Type: REG_DWORD
          Data Value: 1

          Value Name: NullSessionPipes
          Data Type: REG_MULTI_SZ
          Data Value: "" (empty string, without quotes)

    Open Local Security Settings, and disable the following setting:

           Security Settings -> Local Policies -> Security Options ->
           Network access: Allow anonymous SID/Name translation: Disabled

    Finally, reboot the machine.

    Please note that disabling NULL sessions may have an adverse impact on functionality, as some applications and network environments may depend on them for proper operation. Refer to Microsoft Knowledge Base Article 823659 ( http://support.microsoft.com/kb/823659 ) for more information.

  • Microsoft Windows XP, Microsoft Windows XP Home, Microsoft Windows XP Professional

    Disable NULL sessions

    Modify the registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\

    with the following values:

          Value Name: RestrictAnonymous
          Data Type: REG_DWORD
          Data Value: 1

          Value Name: RestrictAnonymousSAM
          Data Type: REG_DWORD
          Data Value: 1

          Value Name: EveryoneIncludesAnonymous
          Data Type: REG_DWORD
          Data Value: 0

    Modify the registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\

    with the following values:

          Value Name: RestrictNullSessAccess
          Data Type: REG_DWORD
          Data Value: 1

          Value Name: NullSessionPipes
          Data Type: REG_MULTI_SZ
          Data Value: "" (empty string, without quotes)

    Open Local Security Settings, and disable the following setting:

           Security Settings -> Local Policies -> Security Options ->
           Network access: Allow anonymous SID/Name translation: Disabled

    Finally, reboot the machine.

    Please note that disabling NULL sessions may have an adverse impact on functionality, as some applications and network environments may depend on them for proper operation. Refer to Microsoft Knowledge Base Article Q246261 ( http://support.microsoft.com/kb/q246261/ ) for more information.

  • Microsoft Windows 2000, Microsoft Windows 2000 Professional, Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Datacenter Server

    Disable NULL sessions

    Modify the registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\

    with the following value:

          Value Name: RestrictAnonymous
          Data Type: REG_DWORD
          Data Value: 2

    After modifying the registry, reboot the machine.

    Please note that disabling NULL sessions may have an adverse impact on functionality, as some applications and network environments may depend on them for proper operation. Refer to Microsoft Knowledge Base Article Q246261 ( http://support.microsoft.com/kb/q246261/ ) for more information.

  • Microsoft Windows NT Server 4.0, Microsoft Windows NT Server, Enterprise Edition 4.0, Microsoft Windows NT Workstation 4.0

    Install Microsoft service pack Windows NT4 Service Pack 4

    Download and apply the upgrade from: http://support.microsoft.com/sp

  • Microsoft Windows NT, Microsoft Windows NT Workstation, Microsoft Windows NT Server, Microsoft Windows NT Advanced Server, Microsoft Windows NT Server, Enterprise Edition, Microsoft Windows NT Server, Terminal Server Edition

    Disable NULL sessions

    Modify the registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\

    with the following value:

          Value Name: RestrictAnonymous
          Data Type: REG_DWORD
          Data Value: 1

    After modifying the registry, reboot the machine.

    It is important to note that on Windows NT 4.0 systems, setting this registry entry will still leave the system open to various attacks, including brute-force enumeration of users and groups. A complete solution for Windows NT 4.0 systems is not available.

  • Samba on Linux

    Restrict anonymous access

    To restrict anonymous access to Samba, modify your "smb.conf" settings as follows:

          guest account = nobody
          restrict anonymous = 1

    Note: Make sure you do NOT list a user "nobody" in your password file.

  • Novell NetWare

    Novell Netware CIFS

    As of May 9, 2007 Novell Netware CIFS does not provide a workaround for this vulnerability.

3.1.8 MS06-035: Vulnerability in Server Service Could Allow Remote Code Execution (917159) (windows-hotfix-ms06-035)

Description:

Your system may require one or more security patches or hotfixes from Microsoft.

This update resolves several newly discovered, privately reported vulnerabilities. We recommend that customers apply the update immediately.

Affected Nodes:

| Affected Nodes | Additional Information |
|---|---|
| 192.168.56.103 | Vulnerable OS: Microsoft Windows XP; Server responded with vulnerable error code: 2 and class: 1 |

References:

| Source | Reference |
|---|---|
| BID | 18863 ( http://www.securityfocus.com/bid/18863 ) |
| BID | 18891 ( http://www.securityfocus.com/bid/18891 ) |
| CERT | TA06-192A ( http://www.cert.org/advisories/TA06-192A.html ) |
| CERT-VN | 189140 ( http://www.kb.cert.org/vuls/id/189140 ) |
| CERT-VN | 333636 ( http://www.kb.cert.org/vuls/id/333636 ) |
| CVE | CVE-2006-1314 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1314 ) |
| CVE | CVE-2006-1315 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1315 ) |
| MS | MS06-035 ( http://www.microsoft.com/technet/security/bulletin/MS06-035.mspx ) |
| MSKB | 917159 ( http://support.microsoft.com/default.aspx?scid=kb;EN-US;917159 ) |
| OSVDB | 27154 ( http://www.osvdb.org/displayvuln.php?osvdb_id=27154 ) |
| OSVDB | 27155 ( http://www.osvdb.org/displayvuln.php?osvdb_id=27155 ) |
| OVAL | OVAL3 ( http://oval.mitre.org/oval/definitions/data/OVAL3.html ) |
| OVAL | OVAL600 ( http://oval.mitre.org/oval/definitions/data/OVAL600.html ) |
| SANS-06 | W4 ( http://www.sans.org/top20/2006/#w4 ) |
| SANS-07 | S2 ( http://www.sans.org/top20/2007/#s2 ) |
| SECUNIA | 21007 ( http://secunia.com/advisories/21007/ ) |
| XF | win-mailslot-bo(26818) ( http://xforce.iss.net/xforce/xfdb/26818 ) |
| XF | win-smb-information-disclosure(26820) ( http://xforce.iss.net/xforce/xfdb/26820 ) |

Vulnerability Solution:

3.2 Severe Vulnerabilities

3.2.1 SMB signing disabled (cifs-smb-signing-disabled)

Description:

This system does not allow SMB signing. SMB signing allows the recipient of SMB packets to confirm their authenticity and helps prevent man-in-the-middle attacks against SMB. SMB signing can be configured in one of three ways: disabled entirely (least secure), enabled, and required (most secure).

Affected Nodes:

| Affected Nodes | Additional Information |
|---|---|
| 192.168.56.103:139 | Negotiate protocol response's security mode 3 indicates that SMB signing is disabled |
| 192.168.56.103:445 | Negotiate protocol response's security mode 3 indicates that SMB signing is disabled |

References:

| Source | Reference |
|---|---|
| URL | http://blogs.technet.com/b/josebda/archive/2010/12/01/the-basics-of-smb-signing-covering-both-smb1-and-smb2.aspx |
| MSKB | 887429 ( http://support.microsoft.com/default.aspx?scid=kb;EN-US;887429 ) |

Vulnerability Solution:

  • Microsoft Windows

    Configure SMB signing

    Configure the system to enable or require SMB signing as appropriate. The method for doing this is system specific so please see KB 887429 ( http://support.microsoft.com/kb/887429 ) for details. Note: ensure that SMB signing configuration is done for incoming connections (Server).

  • Samba

    Configure SMB signing

    Configure Samba to enable or require SMB signing as appropriate. To enable SMB signing, put the following in the Samba configuration file, typically smb.conf, in the global section:

          server signing = auto
          

    To require SMB signing, put the following in the Samba configuration file, typically smb.conf, in the global section:

          server signing = mandatory
          

3.2.2 SMB signing not required (cifs-smb-signing-not-required)

Description:

This system enables, but does not require, SMB signing. SMB signing allows the recipient of SMB packets to confirm their authenticity and helps prevent man-in-the-middle attacks against SMB. SMB signing can be configured in one of three ways: disabled entirely (least secure), enabled, and required (most secure).

Affected Nodes:

| Affected Nodes | Additional Information |
|---|---|
| 192.168.56.103:139 | Negotiate protocol response's security mode 3 indicates that SMB signing is not required |
| 192.168.56.103:445 | Negotiate protocol response's security mode 3 indicates that SMB signing is not required |

References:

| Source | Reference |
|---|---|
| URL | http://blogs.technet.com/b/josebda/archive/2010/12/01/the-basics-of-smb-signing-covering-both-smb1-and-smb2.aspx |
| MSKB | 887429 ( http://support.microsoft.com/default.aspx?scid=kb;EN-US;887429 ) |

Vulnerability Solution:

  • Microsoft Windows

    Configure SMB signing

    Configure the system to enable or require SMB signing as appropriate. The method for doing this is system specific so please see KB 887429 ( http://support.microsoft.com/kb/887429 ) for details. Note: ensure that SMB signing configuration is done for incoming connections (Server).

  • Samba

    Configure SMB signing

    Configure Samba to enable or require SMB signing as appropriate. To enable SMB signing, put the following in the Samba configuration file, typically smb.conf, in the global section:

          server signing = auto
          

    To require SMB signing, put the following in the Samba configuration file, typically smb.conf, in the global section:

          server signing = mandatory
          

3.3 Moderate Vulnerabilities

3.3.1 ICMP timestamp response (generic-icmp-timestamp)

Description:

The remote host responded to an ICMP timestamp request. The ICMP timestamp response contains the remote host's date and time. This information could theoretically be used against some systems to exploit weak time-based random number generators in other services.

In addition, the versions of some operating systems can be accurately fingerprinted by analyzing their responses to invalid ICMP timestamp requests.

Affected Nodes:

| Affected Nodes | Additional Information |
|---|---|
| 192.168.56.103 | Remote system time: 02:47:09.902 CET |

References:

| Source | Reference |
|---|---|
| CVE | CVE-1999-0524 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0524 ) |
| OSVDB | 95 ( http://www.osvdb.org/displayvuln.php?osvdb_id=95 ) |
| XF | icmp-netmask(306) ( http://xforce.iss.net/xforce/xfdb/306 ) |
| XF | icmp-timestamp(322) ( http://xforce.iss.net/xforce/xfdb/322 ) |

Vulnerability Solution:

  • HP-UX

    Disable ICMP timestamp responses on HP/UX

    Execute the following command:

    ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0

    The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response).

  • Cisco IOS

    Disable ICMP timestamp responses on Cisco IOS

    Use ACLs to block ICMP types 13 and 14. For example:

       deny icmp any any 13

       deny icmp any any 14

    Note that it is generally preferable to use ACLs that block everything by default and then selectively allow certain types of traffic in. For example, block everything and then only allow ICMP unreachable, ICMP echo reply, ICMP time exceeded, and ICMP source quench:

       permit icmp any any unreachable

       permit icmp any any echo-reply

       permit icmp any any time-exceeded

       permit icmp any any source-quench

    The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response).

  • SGI Irix

    Disable ICMP timestamp responses on SGI Irix

    IRIX does not offer a way to disable ICMP timestamp responses. Therefore, you should block ICMP on the affected host using ipfilterd, and/or block it at any external firewalls.

    The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response).

  • Linux

    Disable ICMP timestamp responses on Linux

    Linux offers neither a sysctl nor a /proc/sys/net/ipv4 interface to disable ICMP timestamp responses. Therefore, you should block ICMP on the affected host using iptables, and/or block it at the firewall. For example:

       iptables -A INPUT -p icmp --icmp-type timestamp-request -j DROP

       iptables -A OUTPUT -p icmp --icmp-type timestamp-reply -j DROP

    The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response).

  • Microsoft Windows NT, Microsoft Windows NT Workstation, Microsoft Windows NT Server, Microsoft Windows NT Advanced Server, Microsoft Windows NT Server, Enterprise Edition, Microsoft Windows NT Server, Terminal Server Edition

    Disable ICMP timestamp responses on Windows NT 4

    Windows NT 4 does not provide a way to block ICMP packets. Therefore, you should block them at the firewall.

    The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response).

  • OpenBSD

    Disable ICMP timestamp responses on OpenBSD

    Set the "net.inet.icmp.tstamprepl" sysctl variable to 0.

       sysctl -w net.inet.icmp.tstamprepl=0

    The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response).

  • Cisco PIX

    Disable ICMP timestamp responses on Cisco PIX

    A properly configured PIX firewall should never respond to ICMP packets on its external interface. In PIX Software versions 4.1(6) until 5.2.1, ICMP traffic to the PIX's internal interface is permitted; the PIX cannot be configured to NOT respond. Beginning in PIX Software version 5.2.1, ICMP is still permitted on the internal interface by default, but ICMP responses from its internal interfaces can be disabled with the icmp command, as follows, where <inside> is the name of the internal interface:

       icmp deny any 13 <inside>

       icmp deny any 14 <inside>

    Don't forget to save the configuration when you are finished.

    See Cisco's support document Handling ICMP Pings with the PIX Firewall ( http://www.cisco.com/warp/public/110/31.html ) for more information.

    The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response).

  • Sun Solaris

    Disable ICMP timestamp responses on Solaris

    Execute the following commands:

       /usr/sbin/ndd -set /dev/ip ip_respond_to_timestamp 0

       /usr/sbin/ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0

    The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response).

  • Microsoft Windows 2000, Microsoft Windows 2000 Professional, Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Datacenter Server

    Disable ICMP timestamp responses on Windows 2000

    Use the IPSec filter feature to define and apply an IP filter list that blocks ICMP types 13 and 14. Note that the standard TCP/IP blocking capability under the "Networking and Dialup Connections" control panel is NOT capable of blocking ICMP (only TCP and UDP). The IPSec filter features, while they may seem strictly related to the IPSec standards, will allow you to selectively block these ICMP packets. See http://support.microsoft.com/kb/313190 for more information.

    The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response).

  • Microsoft Windows XP, Microsoft Windows XP Home, Microsoft Windows XP Professional, Microsoft Windows Server 2003, Microsoft Windows Server 2003, Standard Edition, Microsoft Windows Server 2003, Enterprise Edition, Microsoft Windows Server 2003, Datacenter Edition, Microsoft Windows Server 2003, Web Edition, Microsoft Windows Small Business Server 2003

    Disable ICMP timestamp responses on Windows XP/2K3

    ICMP timestamp responses can be disabled by deselecting the "allow incoming timestamp request" option in the ICMP configuration panel of Windows Firewall.

    1. Go to the Network Connections control panel.
    2. Right click on the network adapter and select "properties", or select the internet adapter and select File->Properties.
    3. Select the "Advanced" tab.
    4. In the Windows Firewall box, select "Settings".
    5. Select the "General" tab.
    6. Enable the firewall by selecting the "on (recommended)" option.
    7. Select the "Advanced" tab.
    8. In the ICMP box, select "Settings".
    9. Deselect (uncheck) the "Allow incoming timestamp request" option.
    10. Select "OK" to exit the ICMP Settings dialog and save the settings.
    11. Select "OK" to exit the Windows Firewall dialog and save the settings.
    12. Select "OK" to exit the internet adapter dialog.

    For more information, see: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/hnw_understanding_firewall.mspx?mfr=true

  • Microsoft Windows Vista, Microsoft Windows Vista Home, Basic Edition, Microsoft Windows Vista Home, Basic N Edition, Microsoft Windows Vista Home, Premium Edition, Microsoft Windows Vista Ultimate Edition, Microsoft Windows Vista Enterprise Edition, Microsoft Windows Vista Business Edition, Microsoft Windows Vista Business N Edition, Microsoft Windows Vista Starter Edition, Microsoft Windows Server 2008, Microsoft Windows Server 2008 Standard Edition, Microsoft Windows Server 2008 Enterprise Edition, Microsoft Windows Server 2008 Datacenter Edition, Microsoft Windows Server 2008 HPC Edition, Microsoft Windows Server 2008 Web Edition, Microsoft Windows Server 2008 Storage Edition, Microsoft Windows Small Business Server 2008, Microsoft Windows Essential Business Server 2008

    Disable ICMP timestamp responses on Windows Vista/2008

    ICMP timestamp responses can be disabled via the netsh command line utility.

    1. Go to the Windows Control Panel.
    2. Select "Windows Firewall".
    3. In the Windows Firewall box, select "Change Settings".
    4. Enable the firewall by selecting the "on (recommended)" option.
    5. Open a Command Prompt.
    6. Enter "netsh firewall set icmpsetting 13 disable"

    For more information, see: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/hnw_understanding_firewall.mspx?mfr=true

  • Disable ICMP timestamp responses

    Disable ICMP timestamp replies for the device. If the device does not support this level of configuration, the easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response).

4 Discovered Services

4.1 CIFS

CIFS, the Common Internet File System, was defined by Microsoft to provide file sharing services over the Internet. CIFS extends the Server Message Block (SMB) protocol designed by IBM and enhanced by Intel and Microsoft. CIFS provides mechanisms for sharing resources (files, printers, etc.) and executing remote procedure calls over named pipes.

4.1.1 Discovered Instances of this Service

| Device | Protocol | Port | Vulnerabilities | Additional Information |
|---|---|---|---|---|
| 192.168.56.103 | tcp | 139 | 3 | Windows 2000 LAN Manager |
| 192.168.56.103 | tcp | 445 | 3 | Windows 2000 LAN Manager |

4.2 CIFS Name Service

CIFS, the Common Internet File System, was defined by Microsoft to provide file sharing services over the Internet. CIFS extends the Server Message Block (SMB) protocol designed by IBM and enhanced by Intel and Microsoft. CIFS provides mechanisms for sharing resources (files, printers, etc.) and executing remote procedure calls over named pipes. This service is used to handle CIFS browsing (name) requests. Responses contain the names and types of services that can be accessed via CIFS named pipes.

4.2.1 Discovered Instances of this Service

| Device | Protocol | Port | Vulnerabilities | Additional Information |
|---|---|---|---|---|
| 192.168.56.103 | udp | 137 | 0 | advertised-name-1: WINXPVBOX (Computer Name); advertised-name-2: WORKGROUP (Domain Name); advertised-name-3: WINXPVBOX (File Server Service); advertised-name-4: WORKGROUP (Browser Service Elections); advertised-name-count: 4; mac-address: 080027F2E295 |

4.3 DCE Endpoint Resolution

The DCE Endpoint Resolution service, aka Endpoint Mapper, is used on Microsoft Windows systems by Remote Procedure Call (RPC) clients to determine the appropriate port number to connect to for a particular RPC service. This is similar to the portmapper service used on Unix systems.

4.3.1 Discovered Instances of this Service

| Device | Protocol | Port | Vulnerabilities | Additional Information |
|---|---|---|---|---|
| 192.168.56.103 | tcp | 135 | 0 | |

4.4 NTP

The Network Time Protocol (NTP) is used to keep the clocks of machines on a network synchronized. Provisions are made in the protocol to account for network disruption and packet latency.

4.4.1 Discovered Instances of this Service

| Device | Protocol | Port | Vulnerabilities | Additional Information |
|---|---|---|---|---|
| 192.168.56.103 | udp | 123 | 0 | |

5 Discovered Users and Groups

No user or group information was discovered during the scan.

6 Discovered Databases

No database information was discovered during the scan.

7 Discovered Files and Directories

7.1 192.168.56.103

| File/Directory Name | Type | Properties |
|---|---|---|
| ADMIN$ | Directory | comment: Administration à distance |
| C$ | Directory | comment: Partage par défaut; mount-point: C:\ |

8 Policy Evaluations

No policy evaluations were performed.

9 Spidered Web Sites

No web sites were spidered during the scan.