Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Microsoft Security Bulletins for

13-Jan-2009: Check Point has released immediate Security Updates to protect its  SmartDefense subscribers against Microsoft Security Bulletins posted today, January 13, 2009. The January 2009 release contains 1 bulletin rated Critical, affecting Microsoft Server Message Block (SMB) protocol.

= Check Point has provided a protection to this bulletin

Microsoft Security Bulletin MS09-001:
Vulnerabilities in SMB Could Allow Remote Code Execution (958687)

Severity: Critical

CVE-2008-4114: SMB Validation Denial of Service Vulnerability

A denial of service vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB packets. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted network message to a computer running the Server service. An attacker who successfully exploited this vulnerability could cause the computer to stop responding and restart.

CVE-2008-4834: SMB Buffer Overflow Remote Code Execution Vulnerability

An unauthenticated remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB packets. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted network message to a computer running the Server service. An attacker who successfully exploited this vulnerability could take complete control of the system. Most attempts to exploit this vulnerability would result in a system denial of service condition, however remote code execution is theoretically possible.

CVE-2008-4835: SMB Validation Remote Code Execution Vulnerability

An unauthenticated remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB packets. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted network message to a computer running the Server service. An attacker who successfully exploited this vulnerability could cause the attacker to take complete control of the system. Most attempts to exploit this vulnerability would result in a system denial of service condition, however remote code execution is theoretically possible.

Microsoft Security

2009 Microsoft Security Bulletins by Month