Update Protection against Microsoft Windows SMB mrxsmb.sys Remote Heap Overflow Vulnerability (MS11-019)
| Check Point Reference: | CPAI-2011-018 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Microsoft Security Bulletin MS11-019 | |
| Industry Reference(s): | CVE-2011-0654 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Microsoft Windows XP SP3 Microsoft Windows Server 2003 SP2 | ||
| Vulnerability Description A heap buffer overflow vulnerability has been reported in the Microsoft Windows Server Message Block (SMB) implementation. The SMB Protocol is a network file sharing protocol that is implemented in Microsoft Windows. A remote attacker may exploit this vulnerability to create a denial of service condition or take complete control of a vulnerable system. |
||
|
Update/Patch Available Apply patches: Microsoft Security Bulletin MS11-019 |
|
|
Vulnerability Details The vulnerability is due to a heap overflow error in the "BowserWriteErrorLogEntry()" function within the Windows NT SMB Minirdr "mrxsmb.sys" driver when processing malformed Browser Election requests. A remote attacker could exploit this flaw by constructing a specially crafted Browser Election request and sending it to a target server. Successful exploitation of this vulnerability could cause the affected system to crash and might result in arbitrary code execution with elevated privileges. |
Protection Overview
This protection will detect and block Browser Election requests attempting to exploit this vulnerability.
In order for the protection to be activated, update your Security Gateway/VPN-1 product to the latest IPS/SmartDefense update. For information on how to update IPS/SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.