
Attack: Microsoft SMB CVE-2009-3676

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a remote denial-of-service vulnerability in SMB2 on Windows.

Additional Information

Microsoft Windows is prone to a remote denial-of-service vulnerability. Specifically, the issue occurs when a crafted SMB or SMBv2 packet containing less data than the value defined in the NetBIOS header is parsed. This causes the process to go into an infinite loop, resulting in a denial-of-service condition.

For an exploit to succeed, a remote attacker must entice an unsuspecting user to connect to a malicious SMB server.
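
The length mismatch described above can be checked on captured traffic. The following is an added example, not Symantec's signature logic: it walks a fully captured server-to-client byte stream and flags any SMB message whose NetBIOS header declares more data than is actually present. It assumes direct TCP (port 445) framing with a one-byte type and a three-byte length; `scan_stream`, `frame` and the sample bytes are hypothetical names and constructed data.

```python
SMB_MAGICS = {b"\xffSMB": "SMB1", b"\xfeSMB": "SMB2"}
HEADER_LEN = 4  # 1 byte message type + 3 bytes big-endian length (assumed framing)


def frame(payload: bytes, declared=None) -> bytes:
    """Build a session message; `declared` overrides the length field (test data only)."""
    length = len(payload) if declared is None else declared
    return b"\x00" + length.to_bytes(3, "big") + payload


def scan_stream(stream: bytes) -> list:
    """Walk a complete (connection already closed) server-to-client byte stream."""
    findings, offset = [], 0
    while offset < len(stream):
        start = offset + HEADER_LEN
        if start > len(stream):
            findings.append({"offset": offset, "verdict": "short-header"})
            break
        declared = int.from_bytes(stream[offset + 1:start], "big")
        available = len(stream) - start
        dialect = SMB_MAGICS.get(stream[start:start + 4])
        entry = {"offset": offset, "dialect": dialect,
                 "declared": declared, "available": available}
        if stream[offset] != 0x00 or dialect is None:
            entry["verdict"] = "not-smb"      # cannot resynchronise, stop here
        elif available < declared:
            entry["verdict"] = "truncated"    # header promises more than was sent
        else:
            entry["verdict"] = "ok"
        findings.append(entry)
        if entry["verdict"] != "ok":
            break  # never wait or loop for bytes a closed stream cannot deliver
        offset = start + declared             # always advances by at least 4
    return findings


# Constructed sample data: a 64-byte SMB2-style header filled with zeros.
SMB2_PAYLOAD = b"\xfeSMB" + bytes(60)
SAMPLE_OK = frame(SMB2_PAYLOAD)
SAMPLE_TRUNCATED = frame(SMB2_PAYLOAD, declared=len(SMB2_PAYLOAD) + 36)

if __name__ == "__main__":
    for finding in scan_stream(SAMPLE_OK + SAMPLE_TRUNCATED):
        print(finding)
```

A `truncated` verdict is only meaningful once the connection has ended, because a live TCP stream may simply not have delivered the remaining bytes yet.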

Affected

  • The issue affects Windows 7 and 2008 R2.

Response

The vendor has released an advisory and updates. Please see the references for details.