Test ID:	1.3.6.1.4.1.25623.1.0.900838
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Windows TCP/IP Remote Code Execution Vulnerability (967723)
Summary:	This host is missing a critical security update according to; Microsoft Bulletin MS09-048.
Description:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-048. Vulnerability Insight: An error in the TCP/IP processing can be exploited to cause connections to hang indefinitely in a FIN-WAIT-1 or FIN-WAIT-2 state, and system to stop responding to new requests by flooding it using specially crafted packets with a TCP receive window size set to a very small value or zero. Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary code, and it may result in Denial of Service condition in an affected system. Affected Software/OS: - Microsoft Windows 2k Service Pack 4 and prior - Microsoft Windows 2k3 Service Pack 2 and prior - Microsoft Windows Vista Service Pack 1/2 and prior - Microsoft Windows Server 2008 Service Pack 1/2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4609 Cert/CC Advisory: TA09-251A http://www.us-cert.gov/cas/techalerts/TA09-251A.html Cisco Security Advisory: 20081017 Cisco Response to Outpost24 TCP State Table Manipulation Denial of Service Vulnerabilities http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html Cisco Security Advisory: 20090908 TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml HPdes Security Advisory: HPSBMI02473 http://marc.info/?l=bugtraq&m=125856010926699&w=2 HPdes Security Advisory: SSRT080138 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://blog.robertlee.name/2008/10/conjecture-speculation.html http://insecure.org/stf/tcp-dos-attack-explained.html http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf http://www.outpost24.com/news/news-2008-10-02.html https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html Microsoft Security Bulletin: MS09-048 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6340 Common Vulnerability Exposure (CVE) ID: CVE-2009-1925 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6374 Common Vulnerability Exposure (CVE) ID: CVE-2009-1926 BugTraq ID: 36269 http://www.securityfocus.com/bid/36269 Bugtraq: 20090909 TCP/IP Orphaned Connections Vulnerability (Google Search) http://www.securityfocus.com/archive/1/506331/100/0/threaded http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926 http://osvdb.org/57797 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.