Microsoft Windows Knowledge Base Article 977290 update is not installed (WinMs10kb977290Update)

Vuln ID: 55923
Risk Level: Low risk vulnerability
Platforms: Microsoft Windows 2000: SP4, Microsoft Windows Server 2003: SP2, Microsoft Windows Server 2003: SP2 Itanium, Microsoft Windows Server 2003: SP2 x64, Microsoft Windows Server 2008: x32, Microsoft Windows Server 2008: x64, Microsoft Windows Server 2008: SP2 x32, Microsoft Windows Server 2008: SP2 x64
Description:

Microsoft Knowledge Base Article 977290 is not installed, which could allow a remote attacker to exploit the following vulnerability:

Microsoft Windows is vulnerable to a denial of service, caused by a NULL pointer dereference in the Kerberos protocol implementation when processing tickets from a non-Windows Kerberos domain. By sending a specially-crafted renewal request for an existing Ticket-Granting-Ticket (TGT), a remote attacker authenticated on a non-Windows Kerberos realm that is trusted by the Windows Kerberos domain could exploit this vulnerability to prevent the domain controller from issuing any new tickets.

Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS10-014. See References.

False Positives:
False Negatives:
Required Permission: Windows login
Additional Information:

References:

Microsoft Security Bulletin MS10-014
Vulnerability in Kerberos Could Allow Denial of Service (977290)
http://www.microsoft.com/technet/security/bulletin/ms10-014.mspx

IBM Internet Security Systems X-Force Database
Microsoft Windows Kerberos Ticket-Granting-Ticket (TGT) denial of service
http://xforce.iss.net/xforce/xfdb/55922

ISS X-Force
Microsoft Windows Knowledge Base Article 977290 update is not installed
http://www.iss.net/security_center/static/55923.php

CVE CVE-2010-0035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0035

