Intrusion Prevention

MS.SMB2.Negotiation.Handler.Code.Execution

Description

This indicates an attempt to exploit a memory corruption vulnerability in Microsoft Server Message Block (SMB).
The vulnerability is caused by an error that occurs when Microsoft Server Message Block (SMB) Protocol 2.0 software handles a malformed NEGOTIATE PROTOCOL request. A remote attacker could exploit this vulnerability to execute arbitrary code.

Affected Products

Windows Vista and Server 2008

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Refer to the vendor's web site for suggested workaround.
http://www.microsoft.com/technet/security/advisory/975497.mspx
http://www.microsoft.com/technet/security/Bulletin/ms09-050.mspx

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date	Version	Status	Detail
2025-06-09	33.021	Modified	Sig Added

ID	17717
Created	Sep 09, 2009
Updated	Jun 09, 2025
CVE ID
Risk
Exploit Prediction Score	92.94%
Default Action	drop
Active
Affected OS	Windows
Affected App	Other
Profile Type	Resource Management Errors

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Intrusion Prevention

MS.SMB2.Negotiation.Handler.Code.Execution

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Intrusion Prevention

MS.SMB2.Negotiation.Handler.Code.Execution

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

Threat Intelligence
Center