| VID |
26624 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Hotfix (MS12-054, 2733594) for 'Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution' has not been applied.
This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker sends a specially crafted response to a Windows print spooler request. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems connected directly to the Internet have a minimal number of ports exposed.
-Remote Administration Protocol Denial of Service Vulnerability - CVE-2012-1850
A denial of service vulnerability exists in Windows networking components. The vulnerability is due to the service not properly handling specially crafted RAP requests. An attacker who successfully exploited this vulnerability could cause some of the Windows networking component to stop responding.
-Print Spooler Service Format String Vulnerability - CVE-2012-1851
A remote code execution vulnerability exists in the Windows Print Spooler service that could allow a remote, unauthenticated attacker to execute arbitrary code on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
-Remote Administration Protocol Heap Overflow Vulnerability - CVE-2012-1852
A remote code execution vulnerability exists in the way that Windows networking components handle a specially crafted RAP response. An attacker who successfully exploited this vulnerability could run arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
-Remote Administration Protocol Stack Overflow Vulnerability - CVE-2012-1853
A remote code execution vulnerability exists in the way that Windows networking components handle specially crafted RAP responses. An attacker who successfully exploited this vulnerability could run arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://technet.microsoft.com/en-us/security/bulletin/ms12-054
* Platforms Affected:
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 |
| Recommendation |
Apply the appropriate patch (2733594)for your system, as listed in Microsoft Security Bulletin MS12-054 at http://technet.microsoft.com/en-us/security/bulletin/MS12-054
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2012-1850,CVE-2012-1851,CVE-2012-1852,CVE-2012-1853 (CVE) |
| Related URL |
54921,54928,54931,54940 (SecurityFocus) |
| Related URL |
(ISS) |
|
