Symantec product detections for Microsoft monthly Security Advisories - January 2009

Article:TECH138067  |  Created: 2010-08-19  |  Updated: 2013-01-09  |  Article URL http://www.symantec.com/docs/TECH138067
Article Type: Technical Solution


Issue

This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution

January 13, 2009

ID and Rating  |  Description  |  Details  |  Intrusion Protection System (IPS) Response  |  Other Detections

CAN/CVE ID: CVE-2008-4834
BID: 33121
Microsoft ID: MS09-001
MSKB: 958687
Microsoft Rating: Critical

SMB Buffer Overflow Remote Code Execution Vulnerability
Remote Code Execution Vulnerability

This vulnerability affects the following products:
Windows 2000 SP4
Windows XP SP2 and SP3
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition SP2
Windows Server 2003 SP1 and SP2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP1 and SP2 for Itanium-based Systems

This is a remote code-execution vulnerability affecting the Microsoft Server Message Block (SMB) protocol when handling specially crafted SMB packets. An attacker can exploit this issue by sending a specially malformed SMB packet to a vulnerable server. Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code with SYSTEM-level privileges.

Sig ID: 23260
Detected as “SMB MS Windows Malformed Packet Code Exec”

AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-4835
BID: 33122
Microsoft ID: MS09-001
MSKB: 958687
Microsoft Rating: Critical

SMB Validation Remote Code Execution Vulnerability
Remote Code Execution Vulnerability

This vulnerability affects the following products:
Windows 2000 SP4
Windows XP SP2 and SP3
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition SP2
Windows Server 2003 SP1 and SP2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP1 and SP2 for Itanium-based Systems
Windows Vista
Windows Vista SP1
Windows Vista x64 Edition
Windows Vista x64 Edition SP1
Windows Server 2008 for 32-bit Systems*, x64-based Systems*, and Itanium-based Systems

This is a remote code-execution vulnerability affecting the Microsoft Server Message Block (SMB) protocol when handling specially crafted SMB packets. An attacker can exploit this issue by sending a specially malformed SMB packet to a vulnerable server. Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code with SYSTEM-level privileges.

Sig ID: 23259
Detected as “SMB MS Windows Malformed Packet BO”

Applicability:
SNS – SU 106
SGS – SU 70
SCS – SU 190
NIS/NAV/N360 – SU 182
NIS08/NAV08/09 – SU 141
N360v2 – SU 141
SEP11 – SU 92

AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-4114
BID: 31179
Microsoft ID: MS09-001
MSKB: 958687
Microsoft Rating: Moderate

Microsoft Windows WRITE_ANDX SMB Processing Remote Denial Of Service Vulnerability
Denial of Service Vulnerability

This vulnerability affects the following products:
Windows 2000 SP4
Windows XP SP2 and SP3
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition SP2
Windows Server 2003 SP1 and SP2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP1 and SP2 for Itanium-based Systems
Windows Vista
Windows Vista SP1
Windows Vista x64 Edition
Windows Vista x64 Edition SP1
Windows Server 2008 for 32-bit Systems*, x64-based Systems*, and Itanium-based Systems

This is a previously disclosed denial-of-service vulnerability affecting the Microsoft Server Message Block (SMB) protocol when handling specially crafted SMB packets. Successful exploitation of this vulnerability will cause the affected computer to stop responding and restart.

Sig ID: N/A

AV: N/A
Sygate IDS: N/A




Legacy ID: 2007010813564748

