| VID |
28081 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Cumulative Update(KB835732) for Microsoft Windows, according to the result by talking the remote SMB service, seems not to have been applied.
This Cumulative Security Update resolves several newly-discovered vulnerabilities as listed in the below, typically including support for all prior updates. But, it dose not include support for all prior update on all operating systems.
* The newly-discovered vulnerabilities:
- LSASS Vulnerability(CAN-2003-0533): Remote Code Execution
- LDAP Vulnerability(CAN-2003-0663): Denial Of Service
- PCT Vulnerability(CAN-2003-0719): Remote Code Execution
- Winlogon Vulnerability(CAN-2003-0806): Remote Code Execution
- Metafile Vulnerability(CAN-2003-0906): Remote Code Execution
- Help and Support Center Vulnerability(CAN-2003-0907): Remote Code Execution
- Utility Manager Vulnerability(CAN-2003-0908): Privilege Elevation
- Windows Management Vulnerability(CAN-2003-0909): Privilege Elevation
- Local Descriptor Table(LDT) Vulnerability(CAN-2003-0910): Privilege Elevation
- H.323 Vulnerability(CAN-2004-0117): Remote Code Execution
- Virtual DOS Machine(VDM) Vulnerability(CAN-2004-0118): Privilege Elevation
- Negotiate SSP Vulnerability(CAN-2004-0119): Remote Code Execution
- SSL Vulnerability(CAN-2004-0120): Denial Of Service
- ASN.1 "Double Free" Vulnerability(CAN-2004-0123): Remote Code Execution
* References:
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
http://xforce.iss.net/xforce/alerts/id/169
* Platforms Affected:
Microsoft NetMeeting
Microsoft Windows XP, SP1, 64bit Edition SP1, 64bit Edition Version 2003
Microsoft Windows 2000 SP2, SP3, SP4
Microsoft Windows NT Server 4.0 SP6a, Workstation 4.0 SP6a, TSE SP6
Microsoft Windows Server 2003 64bit Edition |
| Recommendation |
Apply the appropriate patch for your system, as listed in the Microsoft Security Bulletin MS04-011 at http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com . Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2003-0806,CVE-2003-0906,CVE-2003-0907,CVE-2003-0908,CVE-2003-0909,CVE-2003-0910,CVE-2004-0117,CVE-2004-0118,CVE-2004-0119,CVE-2004-0121 (CVE) |
| Related URL |
10120,10119,10124,10125,10122,10111,10117,10113,10115,10118 (SecurityFocus) |
| Related URL |
15284,15704,15632,15678,15707,15710,15714,15715,15712,15713 (ISS) |
|
