search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Microsoft SMBv2 signing vulnerability

Vulnerability Note VU#520465

Original Release Date: 2007-12-12 | Last Revised: 2007-12-12


A vulnerability in the way Microsoft Server Message Block Version 2 (SMBv2) implements digital signing of packets may allow a remote, unauthenticated attacker to gain local user privileges and execute arbitrary code.


Microsoft Server Message Block (SMB) Protocol is a network file sharing protocol used by default on Windows based computers. SMBv2 is supported on computers running Windows Server 2008 and Windows Vista. SMBv2 packet signing - used over all SMB communications - is critical for enabling recipients to verify the source and authenticity of the packet. A flaw exists in the way SMBv2 implements packet signing which may allow an attacker to modify a packet in transit, gain local user access to the system and execute arbitrary code.


A remote, unauthenticated attacker may be able to execute arbitrary code with local user privileges on an affected system.


Microsoft has published Microsoft Security Bulletin MS07-063 in response to this issue. Users are strongly encouraged to review this bulletin and apply the referenced patches.

In addition to the patches referenced above, Microsoft has published workarounds for this issue. Users who are unable to apply the patches are strongly encouraged to implement these workarounds as appropriate.

Vendor Information


Microsoft Corporation Affected

Updated:  December 12, 2007



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


Microsoft has published Microsoft Security Bulletin MS07-063 in response to this issue.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector



This vulnerability was reported by the vendor.

This document was written by Joseph W. Pruszynski.

Other Information

CVE IDs: CVE-2007-5351
Severity Metric: 9.05
Date Public: 2007-12-11
Date First Published: 2007-12-12
Date Last Updated: 2007-12-12 20:35 UTC
Document Revision: 12

Sponsored by CISA.