iPolicy Networks Security Advisory
 

Microsoft Windows TCP-IP ACK Message Denial of Service Vulnerability

Date Discovered: 02/09/2009
Severity: High
Operating System: Microsoft Windows Vista, Microsoft Windows Server 2008
Applications Affected: TCP/IP Stack
Type: Remote
Identifiers: CVE-2010-0242
Synopsis
The TCP/IP stack is prone to a remote code execution vulnerability via Selective Acknowledgement (SACK) messages. After successful exploitation, a remote attacker can execute arbitrary code in the security context of the logged-in user.
Recommended Actions
Apply the patches as directed by the vendor at:
http://www.microsoft.com/technet/security/bulletin/ms10-009.mspx
Threat Analysis
TCP/IP is the suite of communications protocols used for transmitting data over networks. TCP and IP are two of the protocols in this suite; together they provide end-to-end data flow without errors, loss, or out-of-sequence delivery. UDP sits at the same level as TCP in the protocol suite.

The TCP/IP stack is prone to a remote code execution vulnerability. The vulnerability exists because the TCP stack incorrectly validates whether a SACK request lies within the valid sequence number range. Invalid range values can cause the TCP stack to reference NULL. Successful exploitation allows a remote attacker to execute arbitrary code in the security context of the logged-in user.
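
The range check described above, as an added example in C (not Microsoft's code and not part of the original advisory): it parses a TCP options area and accepts a SACK block only if it lies inside the sent-but-unacknowledged window. The function names and the snd_una/snd_nxt parameters (the sender's SND.UNA and SND.NXT) are assumptions, the option layout follows RFC 2018, and D-SACK blocks (RFC 2883) are not handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Wrap-safe comparison of 32-bit TCP sequence numbers: true if a <= b. */
static int seq_leq(uint32_t a, uint32_t b) { return (int32_t)(a - b) <= 0; }

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Accept a block only if snd_una <= left < right <= snd_nxt, i.e. it is
 * non-empty and covers data that was sent and is not yet cumulatively ACKed. */
int sack_block_valid(uint32_t left, uint32_t right,
                     uint32_t snd_una, uint32_t snd_nxt) {
    return left != right && seq_leq(left, right) &&
           seq_leq(snd_una, left) && seq_leq(right, snd_nxt);
}

/* Count SACK blocks in a TCP options area; -1 if malformed or out of range. */
int check_sack_options(const uint8_t *opt, size_t len,
                       uint32_t snd_una, uint32_t snd_nxt) {
    int blocks = 0;
    for (size_t i = 0; i < len; ) {
        uint8_t kind = opt[i];
        if (kind == 0) break;                    /* End of Option List */
        if (kind == 1) { i++; continue; }        /* No-Operation */
        if (len - i < 2) return -1;              /* no room for length byte */
        size_t olen = opt[i + 1];
        if (olen < 2 || olen > len - i) return -1;
        if (kind == 5) {                         /* SACK: 2 + 8*n bytes */
            if (olen < 10 || (olen - 2) % 8 != 0) return -1;
            for (size_t off = i + 2; off < i + olen; off += 8, blocks++)
                if (!sack_block_valid(be32(opt + off), be32(opt + off + 4),
                                      snd_una, snd_nxt))
                    return -1;
        }
        i += olen;
    }
    return blocks;
}

int main(void) {
    /* Constructed sample: NOP, NOP, SACK with one block [1000, 2000). */
    const uint8_t opt[] = {1, 1, 5, 10, 0, 0, 0x03, 0xE8, 0, 0, 0x07, 0xD0};
    printf("in window: %d\n", check_sack_options(opt, sizeof opt, 500, 3000));
    printf("beyond snd_nxt: %d\n", check_sack_options(opt, sizeof opt, 500, 1500));
}
```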
References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0242

Write-up by: Gaurav Bajpai