1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. SMB MS Windows Malformed Packet Code Exec

SMB MS Windows Malformed Packet Code Exec

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a vulnerability in Microsoft Server Message Block Protocol which may result in remote code execution.

Additional Information

This security update resolves several privately reported vulnerabilities in Microsoft Server Message Block (SMB) Protocol. The vulnerabilities could allow remote code execution on affected systems. An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003, and Moderate for all supported editions of Windows Vista, and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses the vulnerabilities by validated the fileds inside the SMB packets are valid.

Affected

  • windows
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube