Update Protection against Microsoft SMB TRANS Request Buffer Overflow Remote Code Execution Vulnerability (MS09-001)
| Check Point Reference: | CPAI-2009-003 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Microsoft Security Bulletin MS09-001 | |
| Industry Reference(s): | CVE-2008-4834 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Microsoft Windows 2000 SP4 Windows XP SP2 Windows XP SP3 Windows XP Professional x64 Edition Windows XP Professional x64 Edition SP2 Windows Server 2003 SP1 Windows Server 2003 SP2 Windows Server 2003 x64 Edition Windows Server 2003 x64 Edition SP2 Windows Server 2003 with SP1 (Itanium) Windows Server 2003 with SP2 (Itanium) | ||
| Vulnerability Description A remote code execution vulnerability has been reported in the way that Microsoft Server Message Block (SMB) Protocol handles specially crafted SMB packets. The SMB Protocol is a network file sharing protocol that is implemented in Microsoft Windows. A remote attacker may exploit this vulnerability to take complete control of an affected system. |
||
|
Update/Patch Available Apply patches: Microsoft Security Bulletin MS09-001 |
|
|
Vulnerability Details The vulnerability is due to insufficient validation of buffer size before writing to it, by the Microsoft SMB Protocol. A remote attacker could exploit this flaw via a specially crafted SMB TRANS request. Successful exploitation could cause a denial of service condition and may allow execution of arbitrary code on the target system. |
Protection Overview
By enabling this protection, SmartDefense will detect and block malformed SMB TRANS requests.
In order for the protection to be activated, update your VPN-1 product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.