Intrusion PreventionMS.SMB.Variable.Validation
Description
This indicates an attack attempt against a remote unauthenticated vulnerability in the Microsoft Server Message Block (SMB) Protocol.
The vulnerability is caused when the Microsoft Server Message Block (SMB) Protocol software improperly validates an internal variable when parsing specially crafted SMB packets. An attacker who successfully exploited this vulnerability could cause a user's system to stop responding until manually restarted.
Affected Products
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems
Impact
Denial of Service: Remote attackers can crash vulnerable systems.
Recommended Actions
Please refer to the Microsoft advisory for the update:
http://www.microsoft.com/technet/security/Bulletin/ms10-054.mspx
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2021-01-11 | 16.995 |
| ID | 24067 |
| Created | Aug 11, 2010 |
| Updated | Jan 08, 2021 |
| Risk |
|
| CVE ID | CVE-2010-2551 |
| Exploit Prediction Score | 90.72% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |