| VID |
26526 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Hotfix (MS10-049, 980436) for 'Vulnerabilities in SChannel could allow Remote Code Execution' has not been applied.
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The more severe of these vulnerabilities could allow remote code execution if a user visits a specially crafted Web site that is designed to exploit these vulnerabilities through an Internet Web browser. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message that takes users to the attacker's Web site.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/Bulletin/MS10-049.mspx
* Platforms Affected:
Windows XP SP3
Windows Server 2003 SP2
Windows Vista SP1 and SP2
Windows Server 2008 and SP2
Windows 7 |
| Recommendation |
Apply the appropriate patch (980436) for your system, as listed in Microsoft Security Bulletin MS10-049 at http://www.microsoft.com/technet/security/bulletin/ms10-049.mspx |
| Related URL |
CVE-2009-3555,CVE-2010-2566 (CVE) |
| Related URL |
36935,42246 (SecurityFocus) |
| Related URL |
(ISS) |
|
