MS.Vista.SMBv2.Signing.Insecurity

Description

In Dec. 2007, Microsoft released a security update which resolves a privately reported vulnerability in Server Message Block Version 2 (SMBv2) for Microsoft Windows Vista.
The vulnerability occurs when an administrator sets "Microsoft network client: Digitally sign communications (always)" to "enabled". A remote attacker can cause a denial of service or take complete control of a victim's system by modifying an SMBv2 packet and re-computing the signature, running code with the privileges of the logged-on user.

Affected Products

Windows Vista
Windows Vista x64

Impact

The vulnerability could allow attackers to modify data transferred via SMBv2, which results in remote code execution in domain configurations communicating with SMBv2.

Recommended Actions

Microsoft recommends users apply the patch as instructed in
http://www.microsoft.com/technet/security/Bulletin/MS07-063.mspx

Coverage

IPS (Regular DB)
IPS (Extended DB)