Critical Microsoft WINS Service Memory Corruption Vulnerability
Summary
A critical remote code execution vulnerability has been discovered in Microsoft Windows Internet Naming Service. A remote attacker can exploit this vulnerability to take complete control over an affected system.
Details
Windows Internet Naming Service (WINS) was designed specifically to support NetBIOS over TCP/IP (NetBT), and is required for any environment in which users access resources that have NetBIOS names.
The vulnerability is due to a logic error when WINS handles a socket send exception: certain user-supplied values remain within a stack frame and are reused in another context. A remote attacker can trigger this issue by sending a specially crafted packet to an affected WINS system. Successful exploitation of the vulnerability may allow the attacker to execute arbitrary code on the targeted system.
Affected Products
This issue affects the following Microsoft products:
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 (Itanium)
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for 32-bit Systems SP2
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 for x64-based Systems SP2
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems SP1
Solution
Check Point IPS Software Blade and SmartDefense provide network protection against this vulnerability in the latest IPS update by detecting and blocking the transfer of malformed WINS packets. For more information, see CPAI-2011-246.
Originally Published:
Last Updated: 10-May-2011