This month we released an update for SMB that addresses three vulnerabilities. This blog post provides additional information that might help prioritize the deployment of this update, and help explain the risk for code execution.

In the bulletin you will see that the cumulative severity rating is Critical for Windows 2000, XP and Server 2003 systems, while Vista and Server 2008 have cumulative severity ratings of Moderate. Two of the three vulnerabilities pose the risk for Remote Code Execution (CVE-2008-4834 and CVE-2008-4835), and hence these are rated Critical. However, Vista and Server 2008 systems are not vulnerable to the first of these vulnerabilities, and the second vulnerability does not affect systems using default settings. As a result, we rated Vista and Server 2008 as Moderate for CVE-2008-4835. CVE-2008-4114 affects all Windows platforms and results in a system DoS without any risk of RCE, and hence is rated Moderate. The table below summarizes the exposure for each version of Windows.

For all affected versions of Windows, the two RCE vulnerabilities are unlikely to result in functioning exploit code as stated in the exploitability index (http://technet.microsoft.com/en-us/security/cc998259.aspx). There are a few reasons for this:

· The vulnerabilities cause a fixed value (zero) to be written to kernel memory – not data that the attacker controls.
· Controlling what data is overwritten is difficult. To exploit this type of kernel buffer overrun, an attacker typically needs to be able to predict the layout and contents of memory. The memory layout of the targeted machine will depend on various factors such as the physical characteristics (RAM, CPUs) of the system, system load, other SMB requests it is processing, etc.

In terms of prioritizing the deployment
of this update, we recommend updating SMB servers and Domain Controllers immediately since a system DoS would have a high impact. Other configurations should be assessed based on the role of the machine. For example, non-critical workstations could be considered lower priority assuming a system DoS is an acceptable risk. Systems with SMB blocked at the host firewall could also be updated more slowly.

- Mark Wodrich, SVRD Blogger

Posting is provided "AS IS" with no warranties, and confers no rights.

