Summary
This host is missing a critical security update according to Microsoft Bulletin MS11-030.
Impact
Successful exploitation could allow remote attacker to execute arbitrary code in the context of the NetworkService account.
Impact Level: System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms11-030.mspx
Insight
The flaws are due to the way the DNS client handles specially crafted LLMNR queries.
Affected
Micorsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2003 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
References
Severity
Classification
-
CVE CVE-2011-0657 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Microsoft Excel Could Allow Remote Code Execution Vulnerabilities (954066)
- Microsoft .NET Framework Privilege Elevation Vulnerability (2769324)
- Microsoft DirectShow Remote Code Execution Vulnerability (977935)
- Microsoft Bluetooth Stack Remote Code Execution Vulnerability (2566220)
- Bluetooth Stack Could Allow Remote Code Execution Vulnerability (951376)