| VID |
26048 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (Q329170) for the "Group Policy Modification Vulnerability in SMB Signing" has not been applied. SMB (Server Message Block) is a file-sharing protocol that is natively supported in all versions of Windows. SMB signing is a feature available in Windows 2000 and Windows XP, through which all communications using the SMB protocol can be digitally signed at the packet level. A flaw in the implementation of SMB Signing in Windows 2000 and Windows XP could allow a remote attacker to disable SMB signing and modify group policy settings. If a remote attacker from within the local network is able to intercept and modify data as it is being exchanged between a client and server, the attacker could disable SMB signing and possibly change the group policy settings. An attacker could use this vulnerability to add users to the local Administrators group, cause programs to be executed at system startup, and possibly perform other malicious actions on the vulnerable client.
SMB Signing is disabled by default on Windows 2000 and Windows XP because of the performance penalty it exacts. On networks where SMB Signing has not been enabled, the vulnerability would pose no additional risk because SMB data would already be vulnerable to modification.
* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, resulting in a false negative for all vulnerable hosts.
* References: http://www.microsoft.com/technet/security/bulletin/MS02-070.asp
* Platforms Affected: Microsoft Windows 2000, Microsoft Windows XP |
| Recommendation |
Apply the appropriate patch for your system, as listed in Microsoft's security bulletin MS02-070, http://www.microsoft.com/technet/security/bulletin/MS02-070.asp
1. Open the download page for your platform:
   * Windows 2000, all languages except NEC Japanese: http://microsoft.com/downloads/details.aspx?FamilyId=52EAC216-A360-4E2D-9C6B-AD4D31C40BA2&displaylang=en
   * Windows 2000, NEC Japanese: http://microsoft.com/downloads/details.aspx?FamilyId=F4119765-846B-491C-B162-BE06BD432828&displaylang=ja
   * Windows XP 32-bit Edition: http://microsoft.com/downloads/details.aspx?FamilyId=77B49431-742B-4426-AD45-F09D3AED16CB&displaylang=en
   * Windows XP 64-bit Edition: http://microsoft.com/downloads/details.aspx?FamilyId=580FCE68-B7E2-4BF9-8A16-54D1E39F2168&displaylang=en
2. Select your language from the drop-down list and then click the <Go> button.
3. Click the <download> link to download the patch file.
4. Run the file to install the patch.
5. Reboot your system to complete the installation.
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2002-1256 (CVE) |
| Related URL |
6367 (SecurityFocus) |
| Related URL |
10843 (ISS) |
|