Release DateOct 16, 2009 |
Severitymedium |
ImpactDenial of Service. |
DescriptionThis indicates an attempt to exploit a Denial of Service vulnerability in Windows LSASS component.This vulnerability is caused by an error that occurs when the Windows NTLM implementation in LSASS handles specific malformed packets during the authentication process. A specific malformed packet may lead to an integer underflow in the LSASS process. |
Affected ProductsWindows XP Service Pack 2 and Service Pack 3Windows XP Professional x64 Edition Service Pack 2 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2 Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2 |
Recommended ActionsApply the latest update from the vendor.http://www.microsoft.com/technet/security/Bulletin/MS09-059.mspx |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2009-2524 |
Reference/shttp://technet.microsoft.com/en-us/security/bulletin/MS09-059.mspx (MS-ID) |
