Windows contains a flaw that may allow a remote denial of service. The issue is triggered when the kernel processes malformed WRITE_ANDX SMB packets, and will result in loss of availability for the platform.

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

• Security Tracker: 1020887
• CVE ID: 2008-4114 (see also: NVD)
• Bugtraq ID: 31179
• Secunia Advisory ID: 31883
• ISS X-Force ID: 45146
• Metasploit ID: 48153
• OVAL ID: 5262 6044
• Milw0rm: 6463
• Exploit Database: 6463
• VUPEN Advisory: ADV-2008-2583
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2008-09/0168.html
• Other Advisory URL: http://www.breakingpointsystems.com/community/blog/2009_microsoft_tuesday_coverage
  http://www.reversemode.com/index.php?option=com_content&task=view&id=54&Itemid=1
  http://www.vallejo.cc/proyectos/vista_SMB_write_DoS.htm
• News Article: http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=212900197
• Microsoft Security Bulletin: MS09-001
• CERT: TA09-013A

• Javier Vicente Vallejo