inet facing wv-w7-w2k8: patch! NOW! MS11-083
08-11-2011,22:36 door
http://technet.microsoft.com/en-us/security/bulletin/ms11-083: Microsoft Security Bulletin MS11-083 - Critical
Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
Published: Tuesday, November 08, 2011
Version: 1.0
Vulnerability Information
-> Reference Counter Overflow Vulnerability - CVE-2011-2013
-> FAQ for Reference Counter Overflow Vulnerability - CVE-2011-2013
What is the scope of the vulnerability?
This is a remote code execution vulnerability in the context of the Windows kernel.
What causes the vulnerability?
The vulnerability is caused when the Windows TCP/IP stack processes a continuous flow of specially crafted UDP packets, resulting in an integer overflow.
[...]
When this security bulletin was issued, had this vulnerability been publicly disclosed?
No. Microsoft received information about this vulnerability through coordinated vulnerability disclosure.
Kortom, als je genoemde systemen direct aan internet hebt hangen, of je LAN niet helemaal kunt vertrouwen: PATCH NOW
Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
Published: Tuesday, November 08, 2011
Version: 1.0
Vulnerability Information
-> Reference Counter Overflow Vulnerability - CVE-2011-2013
-> FAQ for Reference Counter Overflow Vulnerability - CVE-2011-2013
What is the scope of the vulnerability?
This is a remote code execution vulnerability in the context of the Windows kernel.
What causes the vulnerability?
The vulnerability is caused when the Windows TCP/IP stack processes a continuous flow of specially crafted UDP packets, resulting in an integer overflow.
[...]
When this security bulletin was issued, had this vulnerability been publicly disclosed?
No. Microsoft received information about this vulnerability through coordinated vulnerability disclosure.
D.w.z. in elk geval voordat er exploit code voor gepubliceerd wordt. Het is geen 0-day maar uit de laatste QA blijkt dat derden (mogelijk zonder toegang tot source code) dit lek kunnen vinden, daarnaast weten aanvallers nu in elk geval waar ze moeten zoeken.
Laatst gewijzigd:
08-11-2011,
22:44
