| VID |
26465 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Hotfix (971486) for 'Vulnerabilities in Windows Kernel' has not been applied. This Hotfix includes multiple vulnerabilities.
Vulnerabilities:
- Windows Kernel Integer Underflow Vulnerability(CVE-2009-2515)
An elevation of privilege vulnerability exists in the Windows kernel due to the incorrect truncation of a 64-bit value to a 32-bit value. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Windows Kernel NULL Pointer Dereference Vulnerability(CVE-2009-2516)
An elevation of privilege vulnerability exists in the Windows kernel due to the insufficient validation of certain data passed from user mode. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Windows Kernel Exception Handler Vulnerability(CVE-2009-2517)
A denial of service vulnerability exists in the Windows kernel because of the way the kernel handles certain exceptions. An attacker could exploit the vulnerability by running a specially crafted application causing the system to restart.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/bulletin/MS09-058.mspx
* Platforms Affected:
Microsoft Windows 2000 SP4
Microsoft Windows XP SP2 and SP3
Windows Server 2003 SP2
Windows Vista and SP1 and SP2
Windows Server 2008 and SP2 |
| Recommendation |
Apply the appropriate patch (971486)for your system, as listed in Microsoft Security Bulletin MS09-058 at http://www.microsoft.com/technet/security/Bulletin/MS09-058.mspx
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2009-2507 (CVE) |
| Related URL |
36629 (SecurityFocus) |
| Related URL |
(ISS) |
|
