Korean

<< Back VID 26665 Severity 30 Port 139,445 Protocol TCP Class SMB Detailed Description The hotfix (MS14-047, 2978668) for 'Vulnerability in LRPC Could Allow Security Feature Bypass' has not been applied. This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker uses the vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that takes advantage of the ASLR bypass to run arbitrary code. - LRPC ASLR Bypass Vulnerability(CVE-2014-0316) A security feature bypass vulnerability exists in Microsoft Remote Procedure Call (LRPC). The problem is that an LRPC server may leak the message it receives from the client if the message is of a specific type and has a data view attached (which is not expected for messages of the type). RPC considers this an error and returns, but does not free the message. This allows the client to fill up the address space of the server with such messages. * Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts. * References: https://technet.microsoft.com/en-us/library/security/ms14-047 * Platforms Affected: Windows 7 SP1 Windows 7 x64 SP1 Windows Server 2008 R2 SP1 Windows Server 2008 R2 x64 SP1 Windows 8 Windows 8.1 Windows Server 2012 Windows Server 2012 R2 Recommendation Apply the appropriate patch (2978668) for your system, as listed in Microsoft Security Bulletin MS14-047 at https://technet.microsoft.com/en-us/library/security/ms14-047 -- OR -- Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects what version of Windows you are running and offers the appropriate patch. Related URL CVE-2014-0316 (CVE) Related URL 69097 (SecurityFocus) Related URL (ISS)