MS.Vista.SMBv2.Signing.Insecurity
Description
In Dec. 2007, Microsoft released a security update which resolves a privately reported vulnerability in Server Message Block Version 2 (SMBv2) for Microsoft Windows Vista.
The vulnerability occurs when an administrator sets "Microsoft network client: Digitally sign communications (always)" to "enabled". A remote attacker can cause a denial of service or take complete control of a victim's system by modifying an SMBv2 packet and re-computing the signature to run code with the privileges of the logged-on user.
Affected Products
Windows Vista
Windows Vista x64
Impact
The vulnerability could allow attackers to modify data transferred via SMBv2, which results in remote code execution in domain configurations communicating with SMBv2.
Recommended Actions
Microsoft recommends that users apply the patch as instructed in
http://www.microsoft.com/technet/security/Bulletin/MS07-063.mspx