Microsoft SMB Signing Information Disclosure Vulnerability Network Vulnerability

Summary

This host is disabled SMB signing and is prone to information disclosure vulnerability.

Impact

Successful exploitation could allow remote attackers to gain sensitive information. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://support.microsoft.com/kb/916846

Insight

The flaw is due to disabling SMB signing. Malicious users could sniff network traffic, capture, and reply to SMB transactions that are not signed by performing a man-in-the-middle (MITM) attack to obtain sensitive information.

Affected

Microsoft Windows XP Service Pack 2 and prior Microsoft Windows 2003 Service Pack 1 and prior

References

http://support.microsoft.com/kb/916846

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Opera web browser address bar spoofing weakness (2)
Opera web browser address bar spoofing weakness
Microsoft Windows Fraudulent Digital Certificates Spoofing Vulnerability
Mozilla/Firefox default installation file permission flaw
MS Windows HID Functionality(Over USB) Code Execution Vulnerability

Take action and discover your vulnerabilities