McAfee Labs Security Advisory: MTIS09‐122

Version 2

    November 17, 2009

    MTIS09-122

    Executive Summary
    Since the last McAfee® Labs Security Advisory (November 13), the following noteworthy event has taken place:

    • McAfee product coverage has been updated for a vulnerability in Microsoft Windows.

    McAfee product coverage for this event:

    McAfee Product Coverage Updates *

    Threat

    Advisory

    Impor-
    tance

    DAT 

    BOP 

    Host
    IPS

    McAfee
    Network
    Security
    Platform

    McAfee
    Vulnerability
    Manager

    MNAC 2.x

    McAfee
    Remediation
    Manager

    McAfee
    Policy
    Auditor
    SCAP

    MNAC
    SCAP

    MTIS09-121-A
    MS Win 7 SMB DoS

    Previous

    Medium

    N/A

    N/A

    UA

    UA

    Yes

    Pend

    N/A

    UA

    UA

    Current

    Medium

    N/A

    N/A

    UA

    UA

    Yes

    Pend

    UA

    UA

    UA

    Microsoft Windows SMB_PACKET Remote Kernel Denial-of-Service Vulnerability

    [MTIS09-121-A]

     

    Threat Identifier(s)

    CVE-2009-3676

    Threat Type

    Vulnerability

    Risk Assessment

    Medium

    Main Threat Vectors

    WAN; LAN

    User Interaction Required

    No

    Description

    A vulnerability in Microsoft Windows Server 2008 Release 2 and Windows 7 may allow denial-of-service attacks. The kernel in those versions of Windows allows remote SMB servers to cause a denial of service (infinite loop and system hang) via either an SMB v1 or SMB v2 response packet that contains a NetBIOS header with an incorrect length value.

    Importance

    Medium. On November 11, details of this vulnerability were disclosed to the public

    McAfee Product Coverage *

     

       DAT files

    Out of scope

       VSE BOP

    Out of scope

       Host IPS

    Under analysis

       McAfee Network Security
       Platform

    Under analysis

       McAfee Vulnerability
       Manager

    The FSL/MVM package of November 13 includes a vulnerability check to assess if your systems are at risk.

       MNAC 2.x

    The MNAC release of December 9 will include a vulnerability check to assess if your systems are at risk.

       McAfee Remediation
       Manager

    Under analysis

       McAfee Policy Auditor SCAP

    Under analysis

       MNAC SCAP

    Under analysis

    Additional Information

    Laurent Gaffié: Windows 7/Server 2008R2 Remote Kernel Crash
    Microsoft Security Advisory 977544: Vulnerability in SMB Could Allow Denial of Service
    McAfee: Microsoft Windows SMB_PACKET Remote Kernel Denial-of-Service Vulnerability


    Back to top

    Detailed descriptions of the Security Advisories can be found in the Users Guide: https://kc.mcafee.com/content/mtis/McAfee_Avert_Labs_Security_Advisory_UsersGuid e.pdf

    For more information on McAfee Avert Labs Security Advisories, see: https://kc.mcafee.com/content/mtis/McAfee_Avert_Labs_Security_Advisory_FAQ.pdf

    For McAfee Technical Support, click here.

    For Multi-National Phone Support, click here.

     

    *The information provided is only for the use and convenience of McAfee's customers in connection with their McAfee products, and applies only to the threats described herein. McAfee product coverage statements are limited to known attack vectors and should not be considered comprehensive. THE INFORMATION PROVIDED HEREIN IS PROVIDED "AS IS" AND IS SUBJECT TO CHANGE WITHOUT NOTICE.

    The information contained herein is the property of McAfee, Inc. and may not be reproduced or disseminated without the expressed written consent of McAfee, Inc.

    McAfee and/or additional marks herein are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the United States and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

    McAfee, Inc. 3965 Freedom Circle, Santa Clara, CA 95054 888.847.8766 www.mcafee.com

    ® 2009 McAfee, Inc. All rights reserved.