Secunia

Three vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

1) A boundary error in the parsing of certain fields inside SMB messages can be exploited to cause a buffer overflow via a specially crafted SMB NT Trans packet.

Successful exploitation of the vulnerability may allow execution of arbitrary code, but requires that the Server service is enabled.

2) Another error in the parsing of SMB messages can be exploited to cause a buffer overflow via a specially crafted SMB NT Trans2 packet.

Successful exploitation of the vulnerability may allow execution of arbitrary code, but requires that the Server service is enabled.

3) An input validation error in the processing of "WRITE_ANDX" packets within srv.sys can be exploited to cause an invalid memory access and crash the system via a specially crafted SMB packet.

Successful exploitation of the vulnerability without valid user credentials requires network access to an interface that allows NULL Sessions (e.g. "\LSARPC" on Windows Vista).

Solution
Apply patches.
Further details available in Customer Area

Provided and/or discovered by
1, 2) an anonymous person, reported via ZDI
3) Javier Vicente Vallejo

Changelog
Further details available in Customer Area

Original Advisory
MS09-001 (KB958687):
http://www.microsoft.com/technet/security/Bulletin/MS09-001.mspx

Javier Vicente Vallejo:
http://www.vallejo.cc/proyectos/vista_SMB_write_DoS.htm

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-09-001/
http://www.zerodayinitiative.com/advisories/ZDI-09-002/

Alternate/detailed remediation
Further details available in Customer Area

Deep Links
Links available in Customer Area