| VID |
26534 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Hotfix (MS10-066, 982802) for 'Vulnerability in Remote Procedure Call Could Allow Remote Code Execution' has not been applied.
This security update resolves a privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.
The vulnerability could allow remote code execution if an attacker sent a specially crafted RPC response to a client-initiated RPC request. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker must convince the user to initiate an RPC connection to a malicious server under the attacker's control. An attacker could not remotely exploit this vulnerability without user interaction.
The security update addresses the vulnerability by correcting the way that the RPC client allocates memory prior to loading RPC responses passed by a remote server.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/Bulletin/MS10-066.mspx
* Platforms Affected:
Microsoft Windows XP SP3, x64 SP2
Microsoft Windows Server 2003 SP2, x64 SP2, SP2 for Itanium |
| Recommendation |
Apply the appropriate patch (982802) for your system, as listed in Microsoft Security Bulletin MS10-066 at http://www.microsoft.com/technet/security/bulletin/ms10-066.mspx |
| Related URL |
CVE-2010-2567 (CVE) |
| Related URL |
43119 (SecurityFocus) |
| Related URL |
(ISS) |
|
