Release Date | May 11, 2011 |
Severity | critical |
Impact | A remote attacker could exploit this vulnerable system to retrieve content or modify application configuration on the system. This creates a risk of denial of service, exposure of sensitive information, or arbitrary code execution. |
Description | Windows Internet Name Service (WINS) is Microsoft's implementation of NetBIOS Name Service (NBNS), a name server and service for NetBIOS computer names. The service contains a remote code execution vulnerability caused by insufficient validation when processing a WINS data packet. An attacker can trigger the flaw by sending a specially crafted packet to the server. Successful exploitation lets the attacker execute arbitrary code in the context of the running user, with outcomes ranging from sensitive information retrieval to software installation. This vulnerability is published in the Common Vulnerabilities and Exposures list as CVE-2011-1248. Microsoft has addressed this issue in its security advisory http://technet.microsoft.com/en-us/security/bulletin/ms11-035. |
Affected Products | Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
Recommended Actions | Update patch: Please download and install the patches as instructed in http://www.microsoft.com/technet/security/Bulletin/MS11-035.mspx
Workaround: Block TCP port 42 and UDP port 42 at your firewall.
For FortiGate IPS users, turning on the following IPS signature can prevent exploitation of this vulnerability: MS.Windows.WINS.Service.Remote.Code.Execution |
Coverage | IPS
VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2011-1248 |
Reference/s | http://www.securityfocus.com/bid/47730 (BugTraq)
http://technet.microsoft.com/en-us/security/bulletin/ms11-035.mspx (MS-ID) |