| VID |
26682 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Hotfix (MS14-070, 2989935) for 'Vulnerability in TCP/IP Could Allow Elevation of Privilege' has not been applied.
This security update resolves a publically reported vulnerability in TCP/IP that occurs during input/output control (IOCTL) processing. This vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another process. If this process runs with administrator privileges, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- TCP/IP Elevation of Privilege Vulnerability (CVE-2014-4076)
An elevation of privilege vulnerability exists in the Windows TCP/IP stack (tcpip.sys, tcpip6.sys) that is caused when the Windows TCP/IP stack fails to properly handle objects in memory during IOCTL processing. This vulnerability has been publicly disclosed. When this security bulletin was issued, Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers. The update addresses the vulnerability by modifying the way that the Windows TCP/IP stack handles objects in memory during IOCTL processing.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
https://technet.microsoft.com/en-us/library/security/ms14-070
* Platforms Affected:
Windows Server 2003 SP2
Windows Server 2003 x64 SP2
Windows Server 2003 SP2 for Itanium |
| Recommendation |
Apply the appropriate patch(2989935) for your system, as listed in Microsoft Security Bulletin MS14-070 at https://technet.microsoft.com/en-us/library/security/ms14-070
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2014-4076 (CVE) |
| Related URL |
70976 (SecurityFocus) |
| Related URL |
(ISS) |
|
