| VID |
26040 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (Q811493) for the "Buffer Overrun in Windows Kernel Message Handling" is not applied. The Windows kernel is the core of the operating system. It provides system-level services such as device and memory management, allocates processor time to processes, and manages error handling. There is a flaw in the way the kernel passes error messages to a debugger. By exploiting this flaw, an attacker could take any action on the system, including deleting data, adding accounts with administrative access, or re-configuring the system, which could be used to gain elevated privileges on the system. To successfully exploit this vulnerability, an attacker would need to be able to log on interactively to the system, either at the console or through a terminal session. A successful attack would also require the introduction of code in order to exploit this vulnerability.
* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, which results in a false negative for all vulnerable hosts.
* References: http://www.microsoft.com/technet/security/bulletin/MS03-013.asp http://www.securiteam.com/windowsntfocus/5PP0N0A9PA.html
* Platforms Affected: Microsoft Windows NT 4.0; Microsoft Windows NT 4.0 Server, Terminal Server Edition; Microsoft Windows 2000; Microsoft Windows XP |
| Recommendation |
Apply the appropriate patch for your system, available from Microsoft's download web site.
For Windows NT (All except Japanese NEC and Chinese - Hong Kong): http://microsoft.com/downloads/details.aspx?FamilyId=C3596ED1-596F-416C-8BE5-91AE65619A1A&displaylang=en
For Windows NT (Japanese NEC): http://microsoft.com/downloads/details.aspx?FamilyId=6D83F8BA-BF16-4EC5-9187-9B03E9AE825F&displaylang=ja
For Windows NT (Chinese - Hong Kong): http://microsoft.com/downloads/details.aspx?FamilyId=0FF5C348-F7A0-44E8-8D82-557389FB4590&displaylang=zh-tw
For Windows NT 4.0, Terminal Server Edition: http://microsoft.com/downloads/details.aspx?FamilyId=910A0015-3723-4A4E-9049-99A4CE52B5F8&displaylang=en
For Windows 2000 (All except Japanese NEC): http://microsoft.com/downloads/details.aspx?FamilyId=CACAC8C0-81E9-413E-B565-5D7B3257A733&displaylang=en
For Windows 2000 (Japanese NEC): http://microsoft.com/downloads/details.aspx?FamilyId=81E6E80C-5E56-4466-98C1-4DDF6CF3893F&displaylang=ja
For Windows XP 32-bit Edition: http://microsoft.com/downloads/details.aspx?FamilyId=9F81E615-3DEC-4A4B-826A-4E0FEAB42323&displaylang=en
For Windows XP 64-bit edition: http://microsoft.com/downloads/details.aspx?FamilyId=DBC47904-51C8-475A-9900-3DF363A51A3A&displaylang=en
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects which version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2003-0112 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|