Microsoft Windows Knowledge Base Article 974145 update is not installed (WinMs10kb974145Update)

Vuln ID: 55898
Risk Level: High risk vulnerability  High WinMs10kb974145Update
Platforms: Microsoft Windows Vista, Microsoft Windows Vista: x64, Microsoft Windows Vista: SP1, Microsoft Windows Vista: SP1 x64, Microsoft Windows Server 2008: Itanium, Microsoft Windows Server 2008: x32, Microsoft Windows Server 2008: x64, Microsoft Windows Vista: SP2 x64, Microsoft Windows Vista: SP2, Microsoft Windows Server 2008: SP2 x32, Microsoft Windows Server 2008: SP2 x64, Microsoft Windows Server 2008: SP2 Itanium
Description:

Microsoft Knowledge Base Article 974145 is not installed, which could allow a remote attacker to exploit the following vulnerabilities:

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by an error in the TCP/IP stack when processing ICMPv6 Router Advertisement packets. By sending a specially-crafted ICMPv6 Router Advertisement packet to an IPv6 enabled computer, a remote attacker on the same physical or virtual link could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim.

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of malicious Encapsulating Security Payloads (ESP) over UDP datagram fragments by the TCP/IP stack when running a custom network driver. By sending a specially-crafted IP datagram fragment packet to a system having a custom network driver, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim.

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by an error in the TCP/IP stack when processing ICMPv6 Route Information packets. By sending a specially-crafted ICMPv6 Route Information packet to an IPv6 enabled computer, a remote attacker on the same physical or virtual link could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim.

Microsoft Windows is vulnerable to a denial of service, caused by an error in the TCP/IP stack when processing TCP packets containing a malicious selective acknowledgment (SACK) value. By sending a series of specially-crafted TCP packets with a malformed selective acknowledgment (SACK) value, a remote attacker could exploit this vulnerability to cause the system to become unresponsive.
Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS10-009. See References.
False Positives:
False Negatives:
Required Permission: Windows login
Additional Information:

References:

Microsoft Security Bulletin MS10-009
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)
http://www.microsoft.com/technet/security/bulletin/ms10-009.mspx

IBM Internet Security Systems X-Force Database
Microsoft Windows TCP/IP ICMPv6 code execution
http://xforce.iss.net/xforce/xfdb/55894

IBM Internet Security Systems X-Force Database
Microsoft Windows TCP/IP stack datagram code execution
http://xforce.iss.net/xforce/xfdb/55895

IBM Internet Security Systems X-Force Database
Microsoft Windows TCP/IP Route Information code execution
http://xforce.iss.net/xforce/xfdb/55896

IBM Internet Security Systems X-Force Database
Microsoft Windows TCP/IP SACK denial of service
http://xforce.iss.net/xforce/xfdb/55897

ISS X-Force
Microsoft Windows Knowledge Base Article 974145 update is not installed
http://www.iss.net/security_center/static/55898.php

CVE CVE-2010-0242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0242

CVE CVE-2010-0241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0241

CVE CVE-2010-0239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0239

CVE CVE-2010-0240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0240
X-Force Logo
Know Your Risks		 Mitre.org CVE Logo
Common Vulnerabilties & Exposures