Microsoft Windows SMB Server Vulnerabilities
(MS10-012)
Several vulnerabilities have been identified in Microsoft Server Message Block (SMB), a network file sharing protocol. A remote attacker can exploit these vulnerabilities to execute malicious code or cause a denial of service condition on the target system.
Server Message Block (SMB) is a network file sharing protocol that enables the sharing of resources (files, printers and serial ports) between users on a network. Microsoft Windows clients use the SMB protocol to access shared Windows resources such as files and printers. On internal LANs, or on subnets across the Internet, that are often made up of hundreds or thousands of personal workstations running Microsoft Windows, SMB can account for the majority of traffic passed between hosts.
Check Point provides immediate protection against these exploits in the integrated and dedicated IPS products, IPS Software Blade, SmartDefense, and IPS-1.
Microsoft Windows SMB COPY Command Pathname Overflow
(CVE-2010-0020)
The vulnerability is due to an error in the Windows SMB server that fails to properly validate buffer lengths when processing the SMB COPY command. A remote attacker could exploit this flaw by constructing a specially crafted SMB message and sending it to an affected server. The protection will detect and block overly long SMB COPY commands. For more information, see CPAI-2010-022.
Microsoft Windows SMB Server Race Condition Denial of Service
(CVE-2010-0021)
The vulnerability is due to a race condition in a driver that is part of the SMB stack in Windows. A remote attacker could exploit this flaw via a specially crafted SMB request. Successful exploitation could cause a denial of service condition on the target system. The protection will detect and block malformed SMB requests attempting to exploit this vulnerability. IPS-1 has been preemptive against this vulnerability since November 16, 2009. No update is required for IPS-1 users. For more information, see CPAI-2010-023.
Microsoft Windows SMB Server Null Pointer Denial of Service
(CVE-2010-0022)
The vulnerability is due to insufficient validation by the Microsoft SMB Protocol software of the share and server name fields in malformed SMB packets. A remote attacker could exploit this flaw by constructing a specially crafted SMB packet and sending it to a target server. The protection will detect and block malformed SMB requests attempting to exploit this vulnerability. IPS-1 has been preemptive against this vulnerability since January 9, 2009. No update is required for IPS-1 users. For more information, see CPAI-2010-028.
Microsoft Windows SMB NTLM Authentication Lack of Entropy
(CVE-2010-0231)
The vulnerability is due to a lack of cryptographic entropy when the SMB server generates challenges and presents them to a connecting client. By continuously attempting to authenticate against the SMB server, an attacker could cause that server to generate duplicate challenge values. An unauthenticated attacker could exploit the vulnerability by sending large numbers of authentication requests to the SMB server. The protection will detect and block multiple SMB requests attempting to exploit this vulnerability. For more information, see CPAI-2010-029.
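The CVE-2010-0231 entry above describes two observable symptoms that a defender can watch for: a burst of NTLM authentication requests from one client, and the same server handing out the same challenge value more than once. The following is an added example, not Check Point's IPS signature logic and not code from the advisory. It assumes a constructed log format (one line per challenge the SMB server issued, with source, destination and the 8-byte challenge in hex), and the window sizes and the threshold of five requests are assumptions chosen for illustration, not values from the advisory.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log (not from the advisory): one line per NTLM challenge
# the SMB server at 10.0.0.10 handed to a connecting client. 10.0.0.5 hammers
# the server and gets repeated challenge values; 10.0.0.7 and 10.0.0.9 are
# ordinary clients.
SAMPLE_LOG = """\
2010-02-09T10:00:00 src=10.0.0.5 dst=10.0.0.10 event=ntlm_challenge challenge=3f9a1c77e2b04d18
2010-02-09T10:00:00 src=10.0.0.5 dst=10.0.0.10 event=ntlm_challenge challenge=8c2e45b1d0f7a963
2010-02-09T10:00:01 src=10.0.0.5 dst=10.0.0.10 event=ntlm_challenge challenge=3f9a1c77e2b04d18
2010-02-09T10:00:01 src=10.0.0.5 dst=10.0.0.10 event=ntlm_challenge challenge=5d7b0e2aa4c19f36
2010-02-09T10:00:02 src=10.0.0.5 dst=10.0.0.10 event=ntlm_challenge challenge=8c2e45b1d0f7a963
2010-02-09T10:00:02 src=10.0.0.5 dst=10.0.0.10 event=ntlm_challenge challenge=3f9a1c77e2b04d18
2010-02-09T10:00:30 src=10.0.0.7 dst=10.0.0.10 event=ntlm_challenge challenge=b61e9d03c5f2a847
2010-02-09T10:05:00 src=10.0.0.9 dst=10.0.0.10 event=ntlm_challenge challenge=3f9a1c77e2b04d18
"""

# Assumed (hypothetical) log line layout; adapt the pattern to your own sensor.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"event=(?P<event>\S+) challenge=(?P<challenge>[0-9a-fA-F]{16})$"
)


def parse_line(line):
    """Return a dict for one well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Epoch seconds so that windows can be computed with plain subtraction.
    rec["ts"] = datetime.fromisoformat(rec["ts"]).timestamp()
    rec["challenge"] = rec["challenge"].lower()
    return rec


def parse_log(text):
    """Keep only parseable ntlm_challenge events, dropping malformed lines."""
    recs = (parse_line(line) for line in text.splitlines())
    return [r for r in recs if r and r["event"] == "ntlm_challenge"]


def max_in_window(timestamps, window):
    """Largest number of timestamps that fall within any span of `window` seconds."""
    best = 0
    live = deque()
    for t in sorted(timestamps):
        live.append(t)
        while t - live[0] > window:  # expire entries that fell out of the window
            live.popleft()
        best = max(best, len(live))
    return best


def duplicate_challenges(events, window=60):
    """Servers that issued the same challenge value more than once within `window` seconds.

    A challenge is supposed to be a fresh random nonce, so any repeat from the same
    server is a sign of the entropy problem described for CVE-2010-0231.
    Returns a sorted list of (dst, challenge, count).
    """
    seen = defaultdict(list)
    for e in events:
        seen[(e["dst"], e["challenge"])].append(e["ts"])
    hits = []
    for (dst, challenge), ts in seen.items():
        n = max_in_window(ts, window)
        if n >= 2:
            hits.append((dst, challenge, n))
    return sorted(hits)


def auth_floods(events, threshold=5, window=10):
    """(src, dst) pairs with at least `threshold` challenges inside `window` seconds.

    This is the "large numbers of authentication requests" symptom; the threshold
    is an assumption and should be tuned against a baseline of normal traffic.
    Returns a sorted list of (src, dst, count).
    """
    per_pair = defaultdict(list)
    for e in events:
        per_pair[(e["src"], e["dst"])].append(e["ts"])
    hits = []
    for (src, dst), ts in per_pair.items():
        n = max_in_window(ts, window)
        if n >= threshold:
            hits.append((src, dst, n))
    return sorted(hits)


EVENTS = parse_log(SAMPLE_LOG)

if __name__ == "__main__":
    for dst, challenge, n in duplicate_challenges(EVENTS):
        print(f"duplicate challenge {challenge} issued {n}x by {dst} within 60s")
    for src, dst, n in auth_floods(EVENTS):
        print(f"auth flood: {src} -> {dst}, {n} requests within 10s")
```

The two detectors are deliberately independent: a challenge repeat is a strong signal on its own (it should never happen on a correctly seeded server, whatever the request rate), while the rate check is a noisier heuristic that needs a baseline, since a busy file server will legitimately see bursts of authentications from proxies, scanners or logon-storm clients.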