search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Microsoft Windows UDP packet parsing vulnerability

Vulnerability Note VU#951982

Original Release Date: 2011-11-08 | Last Revised: 2011-11-08

Overview

A vulnerability in the Microsoft Windows TCP/IP stack could allow an attacker to run arbitrary code in kernel mode or cause a denial-of-service.

Description

Microsoft Windows contains a TCP/IP stack used to process network packets for the operating system. This component contains a vulnerability when processing a continuous flow of specially crafted UDP packets, which results in an integer overflow.

Impact

Microsoft Security Bulletin MS11-083 states:

An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Solution

Apply an update
This issue is addressed in Microsoft Security Bulletin MS11-083.


Block unused UDP ports at the perimeter firewall

Microsoft is recommending states that blocking unused (closed) UDP ports at the perimeter firewall helps protect systems that are behind that firewall from attempts to exploit this vulnerability. Microsoft has additional information on tcp and udp port assignments their website.

Vendor Information

951982
 
Affected   Unknown   Unaffected

Microsoft Corporation

Updated:  November 08, 2011

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

http://technet.microsoft.com/en-us/security/bulletin/ms11-083 http://blogs.technet.com/b/srd/archive/2011/11/08/assessing-the-exploitability-of-ms11-083.aspx


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

Thanks to Microsoft Security Response Center for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs: CVE-2011-2013
Severity Metric: 20.66
Date Public: 2011-11-08
Date First Published: 2011-11-08
Date Last Updated: 2011-11-08 20:55 UTC
Document Revision: 7

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.