Microsoft Kerberos vulnerability could allow denial of service
Report ID: MS201210006
Date Published: 10 October 2012
Criticality: Important
Compromise Type: denial-of-service
Compromise From: remote
Affected Product/Component:
Windows 7
Windows Server 2008 R2
Summary
A vulnerability in the Microsoft Kerberos implementation could be exploited to cause a system to stop responding and restart.
Detailed Description
Microsoft has released a security update to address a vulnerability that exists when the Microsoft Kerberos implementation fails to properly handle a specially crafted session. Upon successful exploitation, an attacker could cause the system to stop responding and restart.
This vulnerability has been resolved by the latest update, which corrects the way the Microsoft Kerberos implementation handles a session. Users are advised to install the update as protection against potential exploit attempts.
CVE Reference
CVE-2012-2551
Solution
Install the latest security patch for the applicable system, available for download from http://technet.microsoft.com/en-us/security/bulletin/ms12-069
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.




