Gravità: : Critico
  Identificatori CVE: CVE-2008-4250
  Data notifica: 04 aprile 2012

  Descrizione

This security update resolves a privately reported vulnerability in the Server service. This vulnerability could allow remote code execution if an affected system received a specially-crafted RPC request.

This vulnerability may be used by malicious users in the crafting of a wormable exploit. It is recommended to observe firewall best practices and standard default firewall configurations to protect network resources from attacks exploiting this vulnerability.

  Informazioni esposizione:

Trend Micro clients using OfficeScan with Intrusion Defense Firewall (IDF) may refer to the table below for the pattern filter identifier(s):

Microsoft Bulletin ID Vulnerability ID Identifier & Title IDF First Pattern Version IDF First Pattern Release Version
MS08-067 CVE-2008-4250 1002975 - Server Service Vulnerability (wkssvc)
MS08-067 CVE-2008-4250 1003080 - Server Service Vulnerability (srvsvc)

  Software e versione interessati:

  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 Service Pack 2
  • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition
  • Microsoft Windows Server 2003 x64 Edition Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows XP Professional x64 Edition Service Pack 2
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Service Pack 3
  • Windows Server 2008 for 32-bit Systems
  • Windows Server 2008 for Itanium-based Systems
  • Windows Server 2008 for x64-based Systems
  • Windows Vista
  • Windows Vista Service Pack 1
  • Windows Vista x64 Edition
  • Windows Vista x64 Edition Service Pack 1