| VID |
26496 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Hotfix (MS10-025, 980858) for 'Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution ' has not been applied.
This security update resolves a privately reported vulnerability in Windows Media Services running on Microsoft Windows 2000 Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted transport information packet to a Microsoft Windows 2000 Server system running Windows Media Services. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. On Microsoft Windows 2000 Server, Windows Media Services is an optional component and is not installed by default.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/bulletin/ms10-025.mspx
* Platforms Affected:
Windows 2000 Server SP4 |
| Recommendation |
Apply the appropriate patch (980858)for your system, as listed in Microsoft Security Bulletin MS10-025 at http://www.microsoft.com/technet/security/bulletin/ms10-025.mspx
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2010-0483 (CVE) |
| Related URL |
38463 (SecurityFocus) |
| Related URL |
(ISS) |
|
