Vulnerabilities in SMB Client Could Allow Remote Code Execution
Description: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a malicious SMB server. The security update addresses the vulnerabilities by correcting the manner in which the SMB client validates responses.
Update type: Important
Release date: February 9, 2010
Applies to: All versions
Knowledge base: http://support.microsoft.com/kb/978251
- SMB Client Pool Corruption Vulnerability – CVE-2010-0016
- SMB Client Race Condition Vulnerability – CVE-2010-0017
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB978251.