
Microsoft Security Bulletin MS10-012


Update Information

Detection and Deployment Tools and Guidance

Manage the software and security updates you need to deploy to the servers, desktop, and mobile systems in your organization. Security updates are available from Microsoft Update and Windows Update.

On Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 platforms, an attacker must be authenticated in order to exploit this vulnerability unless password-based sharing

For more information about this behavior, see Microsoft Knowledge Base Article 824994.

The attacker A then forces a user U on system S to connect to his own specially crafted SMB server, for example by sending an email with multiple tags with

What might an attacker use the vulnerability to do? An attacker who successfully exploited this vulnerability could cause a user's system to stop responding until manually restarted.

Does this issue affect Server Message Block Version 1 (SMBv1)? No.

Unblock TCP ports 139 and 445 at the firewall.

MS10-012 Metasploit

Note: For more information about the wusa.exe installer, see Microsoft Knowledge Base Article 934307.

Other versions or editions are either past their support life cycle or are not affected.

Special Options

/forceappsclose    Forces other programs to close when the computer shuts down.
/log:path          Allows the redirection of installation log files.

Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

We make the connection, get the challenge, look for the corresponding response we obtained from the victim, and authenticate to the SMB service.

6.5.2. Proof-of-Concept Exploit
------------------------------

Next are the necessary steps

When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? No.

Even if user U has no administrator privileges attacker A can still access, for example, file shares accessible by user U and read/modify information.

Comparing other file attributes to the information in the file information table is not a supported method of verifying that the update has been applied.

For more information about the terminology that appears in this bulletin, such as hotfix, see Microsoft Knowledge Base Article 824684.

This is just a proof-of-concept exploit, it can be improved and optimized.

The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system.


This update applies, with the same severity rating, to supported editions of Windows Server 2008 and Windows Server 2008 R2, whether or not installed using the Server Core installation option.

The following table provides the MBSA detection summary for this security update.

This guidance contains recommendations and information that can help IT professionals understand how to use various tools for detection and deployment of security updates.

The file 'fullcreds.log' will be generated.

  • Blocking TCP ports 139 and 445 at the firewall will help protect systems that are behind that firewall from attempts to exploit this vulnerability.
  • An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? No.
  • Unblock TCP ports 139 and 445 at the firewall.
  • Also, in certain cases, files may be renamed during installation.

MS10-054

For more information about the installer, visit the Microsoft TechNet Web site.

No user interaction is required, but installation status is displayed.

If they are, see your product documentation to complete these steps.

A user who browsed that Web site will force an SMB connection to an SMB server controlled by the attacker, which would then send a malformed response back to the user.

For more information, see the Microsoft Support Lifecycle Policy FAQ.

Impact of workaround.

Restart the "Server" service by performing one of the following:

  • Open up the computer management MMC, navigate to Services and Applications, click Services, right-click the Server service name and click Restart.

Removing the Update

This security update supports the following setup switches. For more information about the supported installation switches, see Microsoft Knowledge Base Article 262841.

How could an attacker exploit the vulnerability? An attacker could host a malicious SMB server that is designed to exploit this vulnerability and then convince a user to initiate an SMB connection

Using this switch may cause the installation to proceed more slowly.

This vulnerability affects SMB version 1 and SMB version 2.

Windows Server Update Services

By using Windows Server Update Services (WSUS), administrators can deploy the latest critical updates and security updates for Microsoft Windows 2000 operating systems and later, Office XP

The following Ruby script can be used to test for the presence of this vulnerability:

====test2_ochoa_2010-0209.rb====:
# test2_ochoa-2010-0209.rb
# Windows SMB NTLM Authentication Weak Nonce Vulnerability detection script
# This script

Supported Security Update Installation Switches

Switch    Description
/help     Displays the command-line options.

This is the same as unattended mode, but no status or error messages are displayed.

Several Windows services use the affected ports.

Deployment Information

Installing the Update

When you install this security update, the installer checks whether one or more of the files that are being updated on your system have previously been

For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Special Options

/overwriteoem      Overwrites OEM files without prompting.
/nobackup          Does not back up files needed for uninstall.
/forceappsclose    Forces other programs to close when the computer shuts down.
/log:path          Allows the

Workarounds for SMB NTLM Authentication Lack of Entropy Vulnerability - CVE-2010-0231

Microsoft has not identified any workarounds for this vulnerability.

For more information on this installation option, see the TechNet articles, Managing a Server Core Installation and Servicing a Server Core Installation.