Vulnerabilities > CVE-2009-2532 - Code Injection vulnerability in Microsoft Windows Server 2008 and Windows Vista

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
microsoft
CWE-94
critical
nessus
exploit available

Summary

Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability."

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Manipulating User-Controlled Variables
    This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.

Exploit-Db

  • idEDB-ID:40280
    last seen2018-11-30
    modified2016-02-26
    published2016-02-26
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/40280
    titleMicrosoft Windows - 'srv2.sys' SMB Code Execution (Python) (MS09-050)
  • descriptionMicrosoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference (MS09-050). CVE-2009-2526,CVE-2009-2532,CVE-2009-3103. Remote exploit for windows platform
    idEDB-ID:14674
    last seen2016-02-01
    modified2010-08-17
    published2010-08-17
    reporterPiotr Bania
    sourcehttps://www.exploit-db.com/download/14674/
    titleMicrosoft Windows - SRV2.SYS SMB Negotiate ProcessID Function Table Dereference MS09-050

Msbulletin

bulletin_idMS09-050
bulletin_url
date2009-10-13T00:00:00
impactRemote Code Execution
knowledgebase_id975517
knowledgebase_url
severityCritical
titleVulnerabilities in SMBv2 Could Allow Remote Code Execution

Nessus

  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS09-050.NASL
    descriptionThe remote Windows host contains a vulnerable SMBv2 implementation with the following issues : - A specially crafted SMBv2 packet can cause an infinite loop in the Server service. A remote, unauthenticated attacker can exploit this to cause a denial of service. (CVE-2009-2526) - Sending a specially crafted SMBv2 packet to the Server service can result in code execution. A remote, unauthenticated attacker can exploit this to take complete control of the system. (CVE-2009-2532, CVE-2009-3103) (EDUCATEDSCHOLAR) EDUCATEDSCHOLAR is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group known as the Shadow Brokers.
    last seen2020-06-01
    modified2020-06-02
    plugin id42106
    published2009-10-13
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42106
    titleMS09-050: Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517) (EDUCATEDSCHOLAR)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(42106);
      script_version("1.29");
      script_cvs_date("Date: 2018/11/15 20:50:30");
    
      script_cve_id("CVE-2009-2526", "CVE-2009-2532", "CVE-2009-3103");
      script_bugtraq_id(36299, 36594, 36595);
      script_xref(name:"MSFT", value:"MS09-050");
      script_xref(name:"MSKB", value:"975517");
      script_xref(name:"CERT", value:"135940");
      script_xref(name:"EDB-ID", value:"9594");
      script_xref(name:"EDB-ID", value:"10005");
      script_xref(name:"EDB-ID", value:"12524");
      script_xref(name:"EDB-ID", value:"14674");
      script_xref(name:"EDB-ID", value:"16363");
    
      script_name(english:"MS09-050: Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517) (EDUCATEDSCHOLAR)");
      script_summary(english:"Checks version of srv2.sys");
    
      script_set_attribute(attribute:"synopsis", value:"The remote SMB server can be abused to execute code remotely.");
      script_set_attribute(attribute:"description", value:
    "The remote Windows host contains a vulnerable SMBv2 implementation with
    the following issues :
    
      - A specially crafted SMBv2 packet can cause an
        infinite loop in the Server service.  A remote,
        unauthenticated attacker can exploit this to cause
        a denial of service. (CVE-2009-2526)
    
      - Sending a specially crafted SMBv2 packet to the Server
        service can result in code execution.  A remote,
        unauthenticated attacker can exploit this to take
        complete control of the system. (CVE-2009-2532,
        CVE-2009-3103) (EDUCATEDSCHOLAR)
    
    EDUCATEDSCHOLAR is one of multiple Equation Group vulnerabilities and
    exploits disclosed on 2017/04/14 by a group known as the Shadow
    Brokers.");
      script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2009/ms09-050");
      script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Windows Vista and 2008.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'MS09-050 Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(94, 399);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/09/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/10/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/13");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows : Microsoft Bulletins");
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
    
      script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
      script_require_keys("SMB/MS_Bulletin_Checks/Possible");
      script_require_ports(139, 445, 'Host/patch_management_checks');
      exit(0);
    }
    
    
    include("audit.inc");
    include("smb_func.inc");
    include("smb_hotfixes.inc");
    include("smb_hotfixes_fcheck.inc");
    include("misc_func.inc");
    
    get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
    
    bulletin = 'MS09-050';
    kb = '975517';
    
    kbs = make_list(kb);
    if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
    
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
    
    if (hotfix_check_sp_range(vista:'0,2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
    
    rootfile = hotfix_get_systemroot();
    if (!rootfile) exit(1, "Failed to get the system root.");
    
    share = hotfix_path2share(path:rootfile);
    if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
    
    if (
      # Vista SP0 (x86 & x64)
      hotfix_is_vulnerable(os:"6.0",   file:"srv2.sys", version:"6.0.6000.16927",   min_version:"6.0.6000.0", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"6.0",   file:"srv2.sys", version:"6.0.6000.21127",   min_version:"6.0.6000.20000", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
    
      # Vista / 2k8 SP1 (x86 & x64)
      hotfix_is_vulnerable(os:"6.0",   file:"srv2.sys", version:"6.0.6001.18331",   min_version:"6.0.6001.0", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"6.0",   file:"srv2.sys", version:"6.0.6001.22522",   min_version:"6.0.6001.20000", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
    
      # Vista / 2k8 SP2 (x86 & x64)
      hotfix_is_vulnerable(os:"6.0",   file:"srv2.sys", version:"6.0.6002.18112",   min_version:"6.0.6002.0", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"6.0",   file:"srv2.sys", version:"6.0.6002.22225",   min_version:"6.0.6002.20000", dir:"\system32\drivers", bulletin:bulletin, kb:kb)
    )
    {
      set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
      hotfix_security_hole();
      hotfix_check_fversion_end();
      exit(0);
    }
    else
    {
      hotfix_check_fversion_end();
      audit(AUDIT_HOST_NOT, 'affected');
    }
    
  • NASL familyWindows
    NASL idSMB2_PID_HIGH_VULN.NASL
    descriptionThe remote host is running a version of Microsoft Windows Vista or Windows Server 2008 that contains a vulnerability in its SMBv2 implementation. An attacker can exploit this flaw to disable the remote host or to execute arbitrary code on it. EDUCATEDSCHOLAR is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group known as the Shadow Brokers.
    last seen2020-06-01
    modified2020-06-02
    plugin id40887
    published2009-09-08
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40887
    titleMS09-050: Microsoft Windows SMB2 _Smb2ValidateProviderCallback() Vulnerability (975497) (EDUCATEDSCHOLAR) (uncredentialed check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40887);
      script_version("1.36");
      script_cvs_date("Date: 2019/11/26");
    
      script_cve_id("CVE-2009-2532", "CVE-2009-3103");
      script_bugtraq_id(36299, 36594);
      script_xref(name:"MSFT", value:"MS09-050");
      script_xref(name:"CERT", value:"135940");
      script_xref(name:"EDB-ID", value:"9594");
      script_xref(name:"EDB-ID", value:"10005");
      script_xref(name:"EDB-ID", value:"12524");
      script_xref(name:"EDB-ID", value:"14674");
      script_xref(name:"EDB-ID", value:"16363");
      script_xref(name:"MSKB", value:"975497");
    
      script_name(english:"MS09-050: Microsoft Windows SMB2 _Smb2ValidateProviderCallback() Vulnerability (975497) (EDUCATEDSCHOLAR) (uncredentialed check)");
      script_summary(english:"Determines if the remote host is affected by a SMBv2 vulnerability");
    
      script_set_attribute(attribute:"synopsis", value:
    "Arbitrary code may be executed on the remote host through the SMB
    port");
      script_set_attribute(attribute:"description", value:
    "The remote host is running a version of Microsoft Windows Vista or
    Windows Server 2008 that contains a vulnerability in its SMBv2
    implementation. An attacker can exploit this flaw to disable the
    remote host or to execute arbitrary code on it.
    
    EDUCATEDSCHOLAR is one of multiple Equation Group vulnerabilities and
    exploits disclosed on 2017/04/14 by a group known as the Shadow
    Brokers.");
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0f72ec72");
      # https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2009/ms09-050
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3e7748a1");
      script_set_attribute(attribute:"solution", value:
    "Microsoft has released a patch for Windows Vista and Windows Server
    2008.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-3103");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'MS09-050 Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(94, 399);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/09/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/10/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/08");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_end_attributes();
    
      script_category(ACT_ATTACK);
      script_family(english:"Windows");
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_require_ports(139, 445);
      exit(0);
    }
    
    #
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("smb_func.inc");
    
    port = 445;
    if ( ! get_port_state(port) ) exit(0);
    soc = open_sock_tcp(port);
    if ( ! soc ) exit(0);
    session_set_socket(socket:soc);
    
    
    #---------------------------------------------------------#
    # struct {                                                #
    #   BYTE  Protocol[4];      # "\xFFSMB"                   #
    #   BYTE  Command;                                        #
    #   DWORD Status;           # Or BYTE ErrorClass;         #
    #                           #    BYTE Reserved;           #
    #                           #    WORD Error;              #
    #   BYTE  Flags;                                          #
    #   WORD  Flags2;                                         #
    #   WORD  PidHigh;          			          #
    #   BYTE  Signature[8];                                   #
    #   WORD  Reserved;                                       #
    #   WORD  Tid;              # Tree ID                     #
    #   WORD  Pid;              # Process ID                  #
    #   WORD  Uid;              # User ID                     #
    #   WORD  Mid;              # Multiplex ID                #
    # }                                                       #
    #---------------------------------------------------------#
    
    
    header = '\xFFSMB';
    header += raw_byte(b:SMB_COM_NEGOTIATE);
    header += nt_status(Status:STATUS_SUCCESS);
    header += raw_byte (b:0x18);
    header += raw_word (w:0xc853);
    header += raw_word(w:0x0001); # Process ID high
    header += raw_dword (d:session_get_sequencenumber()) + raw_dword (d:0);
    header += raw_word (w:0);
    header += raw_word (w:session_get_tid());
    header += raw_word (w:session_get_pid());
    header += raw_word (w:session_get_uid());
    header += raw_word (w:session_get_mid());
    
    parameters = smb_parameters(data:NULL);
    
    ns = supported_protocol;
    
    protocol[0] = "TENABLE_NETWORK_SECURITY";
    data = NULL;
    for (i = 0; i < ns; i++)
      data += raw_byte (b:0x02) + ascii (string:protocol[i]);
    data = smb_data (data:data);
    
    
    packet = netbios_packet (header:header, parameters:parameters, data:data);
    
    r = smb_sendrecv(data:packet);
    close(soc);
    
    if ( !isnull(r) && "ORK_SECURITY" >< r )
    {
      report = 'Sent:\n';
      report += ereg_replace(pattern:"([0-9a-f]{1,80})", replace:'\\1\n', string:hexstr(packet)) + '\n';
      report += 'Received:\n';
      report += ereg_replace(pattern:"([0-9a-f]{1,80})", replace:'\\1\n', string:hexstr(r));
    
      security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);
    }
    else
      audit(AUDIT_RESP_BAD, port, 'the exploit request');
    

Oval

accepted2014-08-18T04:06:12.199-04:00
classvulnerability
contributors
  • nameDragos Prisaca
    organizationGideon Technologies, Inc.
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
  • commentMicrosoft Windows Vista (32-bit) is installed
    ovaloval:org.mitre.oval:def:1282
  • commentMicrosoft Windows Vista x64 Edition is installed
    ovaloval:org.mitre.oval:def:2041
  • commentMicrosoft Windows Vista (32-bit) is installed
    ovaloval:org.mitre.oval:def:1282
  • commentMicrosoft Windows Vista x64 Edition is installed
    ovaloval:org.mitre.oval:def:2041
  • commentMicrosoft Windows Vista (32-bit) is installed
    ovaloval:org.mitre.oval:def:1282
  • commentMicrosoft Windows Vista x64 Edition is installed
    ovaloval:org.mitre.oval:def:2041
  • commentMicrosoft Windows Server 2008 (32-bit) is installed
    ovaloval:org.mitre.oval:def:4870
  • commentMicrosoft Windows Server 2008 (64-bit) is installed
    ovaloval:org.mitre.oval:def:5356
  • commentMicrosoft Windows Server 2008 (ia-64) is installed
    ovaloval:org.mitre.oval:def:5667
  • commentMicrosoft Windows Vista (32-bit) is installed
    ovaloval:org.mitre.oval:def:1282
  • commentMicrosoft Windows Vista x64 Edition is installed
    ovaloval:org.mitre.oval:def:2041
  • commentMicrosoft Windows Server 2008 (32-bit) is installed
    ovaloval:org.mitre.oval:def:4870
  • commentMicrosoft Windows Server 2008 (64-bit) is installed
    ovaloval:org.mitre.oval:def:5356
  • commentMicrosoft Windows Server 2008 (ia-64) is installed
    ovaloval:org.mitre.oval:def:5667
  • commentMicrosoft Windows Vista (32-bit) is installed
    ovaloval:org.mitre.oval:def:1282
  • commentMicrosoft Windows Vista x64 Edition is installed
    ovaloval:org.mitre.oval:def:2041
  • commentMicrosoft Windows Server 2008 (32-bit) is installed
    ovaloval:org.mitre.oval:def:4870
  • commentMicrosoft Windows Server 2008 (64-bit) is installed
    ovaloval:org.mitre.oval:def:5356
  • commentMicrosoft Windows Server 2008 (ia-64) is installed
    ovaloval:org.mitre.oval:def:5667
  • commentMicrosoft Windows Vista (32-bit) is installed
    ovaloval:org.mitre.oval:def:1282
  • commentMicrosoft Windows Vista x64 Edition is installed
    ovaloval:org.mitre.oval:def:2041
  • commentMicrosoft Windows Server 2008 (32-bit) is installed
    ovaloval:org.mitre.oval:def:4870
  • commentMicrosoft Windows Server 2008 (64-bit) is installed
    ovaloval:org.mitre.oval:def:5356
  • commentMicrosoft Windows Server 2008 (ia-64) is installed
    ovaloval:org.mitre.oval:def:5667
descriptionMicrosoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability."
familywindows
idoval:org.mitre.oval:def:6336
statusaccepted
submitted2009-10-13T13:00:00
titleSMBv2 Command Value Vulnerability
version43

Seebug

bulletinFamilyexploit
descriptionBugraq ID: 36594 CVE ID:CVE-2009-2532 Microsoft windows是一款流行的操作系统。 Microsoft windows SMB2是新版windows捆绑的SMB协议实现,Microsoft Server Message Block (SMB)协议软件处理特殊构建的SMB报文存在漏洞,攻击者可以提交恶意请求报文对系统进行拒绝服务攻击。 利用此漏洞无需验证,允许攻击者发送特殊构建的网络消息给运行server服务的计算机,成功利用漏洞可导致计算机停止响应,直至重新启动。 目前没有详细漏洞细节提供。 Microsoft Windows Vista x64 Edition SP2 Microsoft Windows Vista x64 Edition SP1 Microsoft Windows Vista x64 Edition 0 Microsoft Windows Vista Ultimate 64-bit edition SP2 Microsoft Windows Vista Ultimate 64-bit edition SP1 Microsoft Windows Vista Ultimate 64-bit edition 0 Microsoft Windows Vista Home Premium 64-bit edition SP2 Microsoft Windows Vista Home Premium 64-bit edition SP1 Microsoft Windows Vista Home Premium 64-bit edition 0 Microsoft Windows Vista Home Basic 64-bit edition SP2 Microsoft Windows Vista Home Basic 64-bit edition SP1 Microsoft Windows Vista Home Basic 64-bit edition 0 Microsoft Windows Vista Enterprise 64-bit edition SP2 Microsoft Windows Vista Enterprise 64-bit edition SP1 Microsoft Windows Vista Enterprise 64-bit edition 0 Microsoft Windows Vista Business 64-bit edition SP2 Microsoft Windows Vista Business 64-bit edition SP1 Microsoft Windows Vista Business 64-bit edition 0 Microsoft Windows Vista Ultimate SP2 Microsoft Windows Vista Ultimate SP1 Microsoft Windows Vista Ultimate Microsoft Windows Vista Home Premium SP2 Microsoft Windows Vista Home Premium SP1 Microsoft Windows Vista Home Premium Microsoft Windows Vista Home Basic SP2 Microsoft Windows Vista Home Basic SP1 Microsoft Windows Vista Home Basic Microsoft Windows Vista Enterprise SP2 Microsoft Windows Vista Enterprise SP1 Microsoft Windows Vista Enterprise Microsoft Windows Vista Business SP2 Microsoft Windows Vista Business SP1 Microsoft Windows Vista Business Microsoft Windows Server 2008 Standard Edition SP2 Microsoft Windows Server 2008 Standard Edition 0 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems 0 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems 0 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems 0 Microsoft Windows Server 2008 Enterprise Edition SP2 Microsoft Windows Server 2008 Enterprise Edition 0 Microsoft Windows Server 2008 Datacenter Edition SP2 Microsoft Windows Server 2008 Datacenter Edition 0 Microsoft Windows 7 RC Microsoft Windows 7 beta 厂商解决方案 用户可参考如下供应商提供的安全补丁: Microsoft Windows Server 2008 for x64-based Systems 0 Microsoft Security Update for Windows Server 2008 x64 Edition (KB975517) http://www.microsoft.com/downloads/details.aspx?familyid=aff6f9c7-4a72 -48f2-b750-204d796c7daa Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Security Update for Windows Server 2008 for Itanium-based Systems (KB975517) http://www.microsoft.com/downloads/details.aspx?familyid=7b70108b-7f59 -4898-ab4e-76be990de878 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Security Update for Windows Server 2008 (KB975517) http://www.microsoft.com/downloads/details.aspx?familyid=ff6bfcf3-76c9 -4c45-b57d-22f94458dd6e Microsoft Windows Vista x64 Edition 0 Microsoft Security Update for Windows Vista for x64-based Systems (KB975517) http://www.microsoft.com/downloads/details.aspx?familyid=62ed5d0a-5ca6 -4942-80c9-7808b14cb6b5 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Security Update for Windows Server 2008 x64 Edition (KB975517) http://www.microsoft.com/downloads/details.aspx?familyid=aff6f9c7-4a72 -48f2-b750-204d796c7daa Microsoft Windows Server 2008 for Itanium-based Systems 0 Microsoft Security Update for Windows Server 2008 for Itanium-based Systems (KB975517) http://www.microsoft.com/downloads/details.aspx?familyid=7b70108b-7f59 -4898-ab4e-76be990de878 Microsoft Windows Vista x64 Edition SP2 Microsoft Security Update for Windows Vista for x64-based Systems (KB975517) http://www.microsoft.com/downloads/details.aspx?familyid=62ed5d0a-5ca6 -4942-80c9-7808b14cb6b5 Microsoft Windows Server 2008 for 32-bit Systems 0 Microsoft Security Update for Windows Server 2008 (KB975517) http://www.microsoft.com/downloads/details.aspx?familyid=ff6bfcf3-76c9 -4c45-b57d-22f94458dd6e Microsoft Windows Vista x64 Edition SP1 Microsoft Security Update for Windows Vista for x64-based Systems (KB975517) http://www.microsoft.com/downloads/details.aspx?familyid=62ed5d0a-5ca6 -4942-80c9-7808b14cb6b5
idSSV:12473
last seen2017-11-19
modified2009-10-14
published2009-10-14
reporterRoot
titleMicrosoft Windows SMB2命令值远程代码执行漏洞(MS09-050)