Vulnerability in SMB Could Allow Remote Code Execution
Description: This security update resolves a privately reported vulnerability in Microsoft Server Message Block (SMB) Protocol. The vulnerability could allow remote code execution on a server that is sharing files or folders. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by modifying the way that SMB handles file name length validation and file sharing.
Update type: Important
Release date: October 14, 2008
Applies to: All
Knowledge base: http://support.microsoft.com/kb/957095
Comments: Here are the specifics on the vulnerabilities covered by this update:
- SMB Buffer Underflow Vulnerability – CVE-2008-4038
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB957095.