Summary
This host is missing a critical security update according to Microsoft Bulletin MS07-058.
Impact
Successful exploitation could allow remote attackers to send a specially crafted RPC authentication request to a computer over the network and cause the computer to stop responding and automatically restart.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms07-058.mspx
Insight
The flaw is due to windows RPC code, that does not properly communicate with the 'NTLM' security provider when performing authentication of RPC requests.
Affected
Microsoft Windows XP Service Pack 2 and prior
Microsoft Windows 2000 ervice Pack 4 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows Vista
References
Severity
Classification
-
CVE CVE-2007-2228 -
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
Related Vulnerabilities
- Microsoft .NET Framework Authentication Bypass and Spoofing Vulnerabilities (2836440)
- Cumulative Security Update for Internet Explorer (953838)
- Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vulnerabilities (2651026)
- Message Queuing Remote Code Execution Vulnerability (951071) - Remote
- Cumulative Security Update for Internet Explorer (933566)