Proventia Network IPS, Proventia Desktop, RealSecure Network, RealSecure Server Sensor, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, IBM Security Server Protection for Windows, Virtual Server Protection for VMware, Proventia Server IPS for Linux technology:
This signature detects a malicious SMB Tree Connect Request.
Medium
Proventia Network IPS: XPU 30.020, Proventia Desktop: 2480, RealSecure Network: XPU 30.020, RealSecure Server Sensor: XPU 30.020, Proventia Network MFS: XPU 30.020, Proventia-G 1.1 and earlier: XPU 30.020, Proventia Network IDS: XPU 30.020, IBM Security Server Protection for Windows: 2.1.14.2480, IBM Security Server Protection for Windows: 2.0.300.2480, Virtual Server Protection for VMware: XPU 30.020, Proventia Server IPS for Linux technology: 30.020
Microsoft Windows 2000: SP4, Microsoft Windows XP: SP2, Microsoft Windows Vista, Microsoft Windows Server 2003: SP2, Microsoft Windows Server 2003: SP2 Itanium, Microsoft Windows Server 2003: SP2 x64, Microsoft Windows Vista: x64, Microsoft Windows XP: SP2 x64 Professional, Microsoft Windows Vista: SP1, Microsoft Windows Vista: SP1 x64, Microsoft Windows Server 2008: Itanium, Microsoft Windows Server 2008: x32, Microsoft Windows Server 2008: x64, Microsoft Windows XP: SP3, Microsoft Windows Vista: SP2 x64, Microsoft Windows Vista: SP2, Microsoft Windows Server 2008: SP2 x32, Microsoft Windows Server 2008: SP2 x64, Microsoft Windows 7: x64, Microsoft Windows 7: x32, Microsoft Windows Server 2008: R2 x64, Microsoft Windows Server 2008: R2 Itanium, Microsoft Windows Server 2008: SP2 Itanium
Denial of Service
Microsoft Windows is vulnerable to a denial of service, caused by a NULL pointer dereference in the Microsoft Server Message Block (SMB) Protocol software when handling SMB packets. By sending a specially crafted SMB packet to a computer connected to an SMB Server, a remote attacker could exploit this vulnerability to cause the computer to stop responding.
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
Microsoft Security Bulletin MS10-012
Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
http://www.microsoft.com/technet/security/bulletin/ms10-012.mspx
Microsoft Security Bulletin MS10-054
Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214)
http://www.microsoft.com/technet/security/bulletin/ms10-054.mspx
Microsoft Security Bulletin MS11-020
Vulnerability in SMB Server Could Allow Remote Code Execution (2508429)
http://www.microsoft.com/technet/security/bulletin/ms11-020.mspx
ISS X-Force
Microsoft Windows SMB NULL denial of service
http://www.iss.net/security_center/static/55908.php
CVE
CVE-2010-0022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0022