Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct brute force attacks or to cause a DoS (Denial of Service).

1) An input validation error in the processing of SMB requests (Server Message Block) can be exploited to cause a buffer overflow via a specially crafted SMB packet.

Successful exploitation may allow execution of arbitrary code, but requires valid user credentials.

2) A race condition in the processing of SMB packets during the Negotiate phase can be exploited to corrupt memory and cause the system to stop accepting requests via a specially crafted SMB packet.

3) An error when verifying the "share" and "servername" fields in SMB packets can be exploited to cause the system to stop accepting requests via a specially crafted SMB packet.

4) A lack of cryptographic entropy when the SMB server generates challenges during SMB NTLM authentication can be exploited to bypass the authentication mechanism and access SMB network resources by brute forcing a valid authentication token.

Solution
Apply patches.
Further details available in Customer Area

Provided and/or discovered by
4) Hernan Ochoa

The vendor credits:
1) Joshua Morin, Codenomicon
2) Florian Rienhardt, BSI

Changelog
Further details available in Customer Area

Original Advisory
MS10-012 (KB971468):
http://www.microsoft.com/technet/security/Bulletin/MS10-012.mspx

Hernan Ochoa:
http://www.hexale.org/advisories/OCHOA-2010-0209.txt

Deep Links
Links available in Customer Area