Vulnerabilities > CVE-2009-3103 - Resource Management Errors vulnerability in Microsoft Windows Server 2008 and Windows Vista

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
microsoft
CWE-399
nessus
exploit available
metasploit
NVD
Published: 2009-09-08
Updated: 2024-11-21

Summary

Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.

Vulnerable Configurations

Part Description Count
OS
Microsoft
10

Common Weakness Enumeration (CWE)

Exploit-Db

  • idEDB-ID:40280
    last seen2018-11-30
    modified2016-02-26
    published2016-02-26
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/40280
    titleMicrosoft Windows - 'srv2.sys' SMB Code Execution (Python) (MS09-050)
  • descriptionWindows SMB2 Negotiate Protocol (0x72) Response DOS. CVE-2009-3103. Dos exploit for windows platform
    idEDB-ID:12524
    last seen2016-02-01
    modified2010-05-07
    published2010-05-07
    reporterJelmer de Hen
    sourcehttps://www.exploit-db.com/download/12524/
    titleWindows SMB2 Negotiate Protocol 0x72 Response DoS
  • descriptionWindows Vista/7 SMB2.0 Negotiate Protocol Request Remote BSOD Vuln. CVE-2009-3103. Dos exploit for windows platform
    fileexploits/windows/dos/9594.txt
    idEDB-ID:9594
    last seen2016-02-01
    modified2009-09-09
    platformwindows
    port
    published2009-09-09
    reporterlaurent gaffie
    sourcehttps://www.exploit-db.com/download/9594/
    titleWindows Vista/7 SMB2.0 Negotiate Protocol Request Remote BSOD Vuln
    typedos
  • descriptionWindows 7 / Server 2008R2 Remote Kernel Crash. CVE-2009-3103. Dos exploit for windows platform
    idEDB-ID:10005
    last seen2016-02-01
    modified2009-11-11
    published2009-11-11
    reporterlaurent gaffie
    sourcehttps://www.exploit-db.com/download/10005/
    titleWindows 7 / Server 2008R2 - Remote Kernel Crash
  • descriptionMicrosoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference (MS09-050). CVE-2009-2526,CVE-2009-2532,CVE-2009-3103. Remote exploit for windows platform
    idEDB-ID:14674
    last seen2016-02-01
    modified2010-08-17
    published2010-08-17
    reporterPiotr Bania
    sourcehttps://www.exploit-db.com/download/14674/
    titleMicrosoft Windows - SRV2.SYS SMB Negotiate ProcessID Function Table Dereference MS09-050
  • descriptionMicrosoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference. CVE-2009-3103. Remote exploit for windows platform
    idEDB-ID:16363
    last seen2016-02-01
    modified2010-07-03
    published2010-07-03
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16363/
    titleMicrosoft Windows SRV2.SYS SMB Negotiate ProcessID Function Table Dereference

Metasploit

Msbulletin

bulletin_idMS09-050
bulletin_url
date2009-10-13T00:00:00
impactRemote Code Execution
knowledgebase_id975517
knowledgebase_url
severityCritical
titleVulnerabilities in SMBv2 Could Allow Remote Code Execution

Nessus

  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS09-050.NASL
    descriptionThe remote Windows host contains a vulnerable SMBv2 implementation with the following issues : - A specially crafted SMBv2 packet can cause an infinite loop in the Server service. A remote, unauthenticated attacker can exploit this to cause a denial of service. (CVE-2009-2526) - Sending a specially crafted SMBv2 packet to the Server service can result in code execution. A remote, unauthenticated attacker can exploit this to take complete control of the system. (CVE-2009-2532, CVE-2009-3103) (EDUCATEDSCHOLAR) EDUCATEDSCHOLAR is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group known as the Shadow Brokers.
    last seen2020-06-01
    modified2020-06-02
    plugin id42106
    published2009-10-13
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42106
    titleMS09-050: Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517) (EDUCATEDSCHOLAR)
    code
    #
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(42106);
  script_version("1.29");
  script_cvs_date("Date: 2018/11/15 20:50:30");

  script_cve_id("CVE-2009-2526", "CVE-2009-2532", "CVE-2009-3103");
  script_bugtraq_id(36299, 36594, 36595);
  script_xref(name:"MSFT", value:"MS09-050");
  script_xref(name:"MSKB", value:"975517");
  script_xref(name:"CERT", value:"135940");
  script_xref(name:"EDB-ID", value:"9594");
  script_xref(name:"EDB-ID", value:"10005");
  script_xref(name:"EDB-ID", value:"12524");
  script_xref(name:"EDB-ID", value:"14674");
  script_xref(name:"EDB-ID", value:"16363");

  script_name(english:"MS09-050: Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517) (EDUCATEDSCHOLAR)");
  script_summary(english:"Checks version of srv2.sys");

  script_set_attribute(attribute:"synopsis", value:"The remote SMB server can be abused to execute code remotely.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host contains a vulnerable SMBv2 implementation with
the following issues :

  - A specially crafted SMBv2 packet can cause an
    infinite loop in the Server service.  A remote,
    unauthenticated attacker can exploit this to cause
    a denial of service. (CVE-2009-2526)

  - Sending a specially crafted SMBv2 packet to the Server
    service can result in code execution.  A remote,
    unauthenticated attacker can exploit this to take
    complete control of the system. (CVE-2009-2532,
    CVE-2009-3103) (EDUCATEDSCHOLAR)

EDUCATEDSCHOLAR is one of multiple Equation Group vulnerabilities and
exploits disclosed on 2017/04/14 by a group known as the Shadow
Brokers.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2009/ms09-050");
  script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Windows Vista and 2008.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'MS09-050 Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(94, 399);

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/09/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/10/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");
  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, 'Host/patch_management_checks');
  exit(0);
}


include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS09-050';
kb = '975517';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(vista:'0,2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  # Vista SP0 (x86 & x64)
  hotfix_is_vulnerable(os:"6.0",   file:"srv2.sys", version:"6.0.6000.16927",   min_version:"6.0.6000.0", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0",   file:"srv2.sys", version:"6.0.6000.21127",   min_version:"6.0.6000.20000", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||

  # Vista / 2k8 SP1 (x86 & x64)
  hotfix_is_vulnerable(os:"6.0",   file:"srv2.sys", version:"6.0.6001.18331",   min_version:"6.0.6001.0", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0",   file:"srv2.sys", version:"6.0.6001.22522",   min_version:"6.0.6001.20000", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||

  # Vista / 2k8 SP2 (x86 & x64)
  hotfix_is_vulnerable(os:"6.0",   file:"srv2.sys", version:"6.0.6002.18112",   min_version:"6.0.6002.0", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0",   file:"srv2.sys", version:"6.0.6002.22225",   min_version:"6.0.6002.20000", dir:"\system32\drivers", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
  • NASL familyWindows
    NASL idSMB2_PID_HIGH_VULN.NASL
    descriptionThe remote host is running a version of Microsoft Windows Vista or Windows Server 2008 that contains a vulnerability in its SMBv2 implementation. An attacker can exploit this flaw to disable the remote host or to execute arbitrary code on it. EDUCATEDSCHOLAR is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group known as the Shadow Brokers.
    last seen2020-06-01
    modified2020-06-02
    plugin id40887
    published2009-09-08
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40887
    titleMS09-050: Microsoft Windows SMB2 _Smb2ValidateProviderCallback() Vulnerability (975497) (EDUCATEDSCHOLAR) (uncredentialed check)
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(40887);
  script_version("1.36");
  script_cvs_date("Date: 2019/11/26");

  script_cve_id("CVE-2009-2532", "CVE-2009-3103");
  script_bugtraq_id(36299, 36594);
  script_xref(name:"MSFT", value:"MS09-050");
  script_xref(name:"CERT", value:"135940");
  script_xref(name:"EDB-ID", value:"9594");
  script_xref(name:"EDB-ID", value:"10005");
  script_xref(name:"EDB-ID", value:"12524");
  script_xref(name:"EDB-ID", value:"14674");
  script_xref(name:"EDB-ID", value:"16363");
  script_xref(name:"MSKB", value:"975497");

  script_name(english:"MS09-050: Microsoft Windows SMB2 _Smb2ValidateProviderCallback() Vulnerability (975497) (EDUCATEDSCHOLAR) (uncredentialed check)");
  script_summary(english:"Determines if the remote host is affected by a SMBv2 vulnerability");

  script_set_attribute(attribute:"synopsis", value:
"Arbitrary code may be executed on the remote host through the SMB
port");
  script_set_attribute(attribute:"description", value:
"The remote host is running a version of Microsoft Windows Vista or
Windows Server 2008 that contains a vulnerability in its SMBv2
implementation. An attacker can exploit this flaw to disable the
remote host or to execute arbitrary code on it.

EDUCATEDSCHOLAR is one of multiple Equation Group vulnerabilities and
exploits disclosed on 2017/04/14 by a group known as the Shadow
Brokers.");
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0f72ec72");
  # https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2009/ms09-050
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3e7748a1");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a patch for Windows Vista and Windows Server
2008.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-3103");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'MS09-050 Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(94, 399);

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/09/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/10/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/08");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_end_attributes();

  script_category(ACT_ATTACK);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_require_ports(139, 445);
  exit(0);
}

#

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("smb_func.inc");

port = 445;
if ( ! get_port_state(port) ) exit(0);
soc = open_sock_tcp(port);
if ( ! soc ) exit(0);
session_set_socket(socket:soc);


#---------------------------------------------------------#
# struct {                                                #
#   BYTE  Protocol[4];      # "\xFFSMB"                   #
#   BYTE  Command;                                        #
#   DWORD Status;           # Or BYTE ErrorClass;         #
#                           #    BYTE Reserved;           #
#                           #    WORD Error;              #
#   BYTE  Flags;                                          #
#   WORD  Flags2;                                         #
#   WORD  PidHigh;          			          #
#   BYTE  Signature[8];                                   #
#   WORD  Reserved;                                       #
#   WORD  Tid;              # Tree ID                     #
#   WORD  Pid;              # Process ID                  #
#   WORD  Uid;              # User ID                     #
#   WORD  Mid;              # Multiplex ID                #
# }                                                       #
#---------------------------------------------------------#


header = '\xFFSMB';
header += raw_byte(b:SMB_COM_NEGOTIATE);
header += nt_status(Status:STATUS_SUCCESS);
header += raw_byte (b:0x18);
header += raw_word (w:0xc853);
header += raw_word(w:0x0001); # Process ID high
header += raw_dword (d:session_get_sequencenumber()) + raw_dword (d:0);
header += raw_word (w:0);
header += raw_word (w:session_get_tid());
header += raw_word (w:session_get_pid());
header += raw_word (w:session_get_uid());
header += raw_word (w:session_get_mid());

parameters = smb_parameters(data:NULL);

ns = supported_protocol;

protocol[0] = "TENABLE_NETWORK_SECURITY";
data = NULL;
for (i = 0; i < ns; i++)
  data += raw_byte (b:0x02) + ascii (string:protocol[i]);
data = smb_data (data:data);


packet = netbios_packet (header:header, parameters:parameters, data:data);

r = smb_sendrecv(data:packet);
close(soc);

if ( !isnull(r) && "ORK_SECURITY" >< r )
{
  report = 'Sent:\n';
  report += ereg_replace(pattern:"([0-9a-f]{1,80})", replace:'\\1\n', string:hexstr(packet)) + '\n';
  report += 'Received:\n';
  report += ereg_replace(pattern:"([0-9a-f]{1,80})", replace:'\\1\n', string:hexstr(r));

  security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);
}
else
  audit(AUDIT_RESP_BAD, port, 'the exploit request');

Oval

accepted2014-08-18T04:06:14.437-04:00
classvulnerability
contributors
  • nameDragos Prisaca
    organizationGideon Technologies, Inc.
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
  • commentMicrosoft Windows Vista (32-bit) is installed
    ovaloval:org.mitre.oval:def:1282
  • commentMicrosoft Windows Vista x64 Edition is installed
    ovaloval:org.mitre.oval:def:2041
  • commentMicrosoft Windows Vista (32-bit) is installed
    ovaloval:org.mitre.oval:def:1282
  • commentMicrosoft Windows Vista x64 Edition is installed
    ovaloval:org.mitre.oval:def:2041
  • commentMicrosoft Windows Vista (32-bit) is installed
    ovaloval:org.mitre.oval:def:1282
  • commentMicrosoft Windows Vista x64 Edition is installed
    ovaloval:org.mitre.oval:def:2041
  • commentMicrosoft Windows Server 2008 (32-bit) is installed
    ovaloval:org.mitre.oval:def:4870
  • commentMicrosoft Windows Server 2008 (64-bit) is installed
    ovaloval:org.mitre.oval:def:5356
  • commentMicrosoft Windows Server 2008 (ia-64) is installed
    ovaloval:org.mitre.oval:def:5667
  • commentMicrosoft Windows Vista (32-bit) is installed
    ovaloval:org.mitre.oval:def:1282
  • commentMicrosoft Windows Vista x64 Edition is installed
    ovaloval:org.mitre.oval:def:2041
  • commentMicrosoft Windows Server 2008 (32-bit) is installed
    ovaloval:org.mitre.oval:def:4870
  • commentMicrosoft Windows Server 2008 (64-bit) is installed
    ovaloval:org.mitre.oval:def:5356
  • commentMicrosoft Windows Server 2008 (ia-64) is installed
    ovaloval:org.mitre.oval:def:5667
  • commentMicrosoft Windows Vista (32-bit) is installed
    ovaloval:org.mitre.oval:def:1282
  • commentMicrosoft Windows Vista x64 Edition is installed
    ovaloval:org.mitre.oval:def:2041
  • commentMicrosoft Windows Server 2008 (32-bit) is installed
    ovaloval:org.mitre.oval:def:4870
  • commentMicrosoft Windows Server 2008 (64-bit) is installed
    ovaloval:org.mitre.oval:def:5356
  • commentMicrosoft Windows Server 2008 (ia-64) is installed
    ovaloval:org.mitre.oval:def:5667
  • commentMicrosoft Windows Vista (32-bit) is installed
    ovaloval:org.mitre.oval:def:1282
  • commentMicrosoft Windows Vista x64 Edition is installed
    ovaloval:org.mitre.oval:def:2041
  • commentMicrosoft Windows Server 2008 (32-bit) is installed
    ovaloval:org.mitre.oval:def:4870
  • commentMicrosoft Windows Server 2008 (64-bit) is installed
    ovaloval:org.mitre.oval:def:5356
  • commentMicrosoft Windows Server 2008 (ia-64) is installed
    ovaloval:org.mitre.oval:def:5667
description (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
familywindows
idoval:org.mitre.oval:def:6489
statusaccepted
submitted2009-10-13T13:00:00
titleSMBv2 Negotiation Vulnerability
version43

Packetstorm

Saint

bid36299
descriptionWindows SMB2 buffer overflow
idwin_patch_smbv2ms09050
osvdb57799
titlewindows_smb2
typeremote

Seebug

bulletinFamilyexploit
descriptionBugraq ID: 36299 CVE ID:CVE-2009-3103 Microsoft windows是一款流行的操作系统。 Microsoft windows SMB2是新版windows捆绑的SMB协议实现,SRV2.SYS驱动不正确处理发送给NEGOTIATE PROTOCOL REQUEST功能的畸形SMB头字段数据,NEGOTIATE PROTOCOL REQUEST是客户端发送给SMB服务器的第一个SMB查询,用于识别SMB语言并用于之后的通信。 远程攻击者可以构建Process Id High头字段中包含有“&amp;”字符的SMB报文并发送给受影响系统,可导致系统蓝屏死机,造成拒绝服务攻击。 此漏洞无需验证交互。 Microsoft Windows Vista x64 Edition SP2 Microsoft Windows Vista x64 Edition SP1 Microsoft Windows Vista x64 Edition 0 Microsoft Windows Vista Ultimate 64-bit edition SP2 Microsoft Windows Vista Ultimate 64-bit edition SP1 Microsoft Windows Vista Ultimate 64-bit edition 0 Microsoft Windows Vista Home Premium 64-bit edition SP2 Microsoft Windows Vista Home Premium 64-bit edition SP1 Microsoft Windows Vista Home Premium 64-bit edition 0 Microsoft Windows Vista Home Basic 64-bit edition SP2 Microsoft Windows Vista Home Basic 64-bit edition SP1 Microsoft Windows Vista Home Basic 64-bit edition 0 Microsoft Windows Vista Enterprise 64-bit edition SP2 Microsoft Windows Vista Enterprise 64-bit edition SP1 Microsoft Windows Vista Enterprise 64-bit edition 0 Microsoft Windows Vista Business 64-bit edition SP2 Microsoft Windows Vista Business 64-bit edition SP1 Microsoft Windows Vista Business 64-bit edition 0 Microsoft Windows Vista Ultimate SP2 Microsoft Windows Vista Ultimate SP1 Microsoft Windows Vista Ultimate Microsoft Windows Vista Home Premium SP2 Microsoft Windows Vista Home Premium SP1 Microsoft Windows Vista Home Premium Microsoft Windows Vista Home Basic SP2 Microsoft Windows Vista Home Basic SP1 Microsoft Windows Vista Home Basic Microsoft Windows Vista Enterprise SP2 Microsoft Windows Vista Enterprise SP1 Microsoft Windows Vista Enterprise Microsoft Windows Vista Business SP2 Microsoft Windows Vista Business SP1 Microsoft Windows Vista Business Microsoft Windows Server 2008 Standard Edition SP2 Microsoft Windows Server 2008 Standard Edition 0 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems 0 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems 0 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems 0 Microsoft Windows Server 2008 Enterprise Edition SP2 Microsoft Windows Server 2008 Enterprise Edition 0 Microsoft Windows Server 2008 Datacenter Edition SP2 Microsoft Windows Server 2008 Datacenter Edition 0 Microsoft Windows 7 RC Microsoft Windows 7 beta 厂商解决方案 用户可参考如下供应商提供的安全补丁: Microsoft Windows Server 2008 for x64-based Systems 0 Microsoft Security Update for Windows Server 2008 x64 Edition (KB975517) http://www.microsoft.com/downloads/details.aspx?familyid=aff6f9c7-4a72 -48f2-b750-204d796c7daa Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Security Update for Windows Server 2008 for Itanium-based Systems (KB975517) http://www.microsoft.com/downloads/details.aspx?familyid=7b70108b-7f59 -4898-ab4e-76be990de878 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Security Update for Windows Server 2008 (KB975517) http://www.microsoft.com/downloads/details.aspx?familyid=ff6bfcf3-76c9 -4c45-b57d-22f94458dd6e Microsoft Windows Vista x64 Edition 0 Microsoft Security Update for Windows Vista for x64-based Systems (KB975517) http://www.microsoft.com/downloads/details.aspx?familyid=62ed5d0a-5ca6 -4942-80c9-7808b14cb6b5 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Security Update for Windows Server 2008 x64 Edition (KB975517) http://www.microsoft.com/downloads/details.aspx?familyid=aff6f9c7-4a72 -48f2-b750-204d796c7daa Microsoft Windows Server 2008 for Itanium-based Systems 0 Microsoft Security Update for Windows Server 2008 for Itanium-based Systems (KB975517) http://www.microsoft.com/downloads/details.aspx?familyid=7b70108b-7f59 -4898-ab4e-76be990de878 Microsoft Windows Vista x64 Edition SP2 Microsoft Security Update for Windows Vista for x64-based Systems (KB975517) http://www.microsoft.com/downloads/details.aspx?familyid=62ed5d0a-5ca6 -4942-80c9-7808b14cb6b5 Microsoft Windows Server 2008 for 32-bit Systems 0 Microsoft Security Update for Windows Server 2008 (KB975517) http://www.microsoft.com/downloads/details.aspx?familyid=ff6bfcf3-76c9 -4c45-b57d-22f94458dd6e Microsoft Windows Vista x64 Edition SP1 Microsoft Security Update for Windows Vista for x64-based Systems (KB975517) http://www.microsoft.com/downloads/details.aspx?familyid=62ed5d0a-5ca6 -4942-80c9-7808b14cb6b5
idSSV:12474
last seen2017-11-19
modified2009-10-14
published2009-10-14
reporterRoot
titleMicrosoft Windows SMBv2协商远程代码执行漏洞(MS09-050)

References