Joshua Morin

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Vista versions SP1 through SP2 Microsoft Windows Server 2008 versions Gold through R2 Microsoft Windows 7 (affected versions not specified) **Description** A denial of service issue exists due to the way the Server Message Block (SMB) Protocol software handles specially crafted SMB compounded requests. This can be exploited by sending a specially crafted network message to a computer running the Server service, allowing remote attackers to cause a system hang. No authentication is required for an attacker to exploit this issue. **Recommendations** For Microsoft Windows Vista versions SP1 through SP2, apply the recommended patch to resolve the issue. For Microsoft Windows Server 2008 versions Gold through R2, apply the recommended patch to resolve the issue. For Microsoft Windows 7, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the fixed version **Description** The issue arises from the improper validation of request fields in the SMB implementation, allowing remote authenticated users to execute arbitrary code via a malformed request. An authenticated remote code execution issue exists in the way Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB packets. An attacker could exploit this by sending a specially crafted network message to a system running the Server service as an authenticated user. Successful exploitation could result in complete control of the affected system, although it will most probably cause a Denial of Service condition. **Recommendations** For Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 **Description** A buffer underflow issue exists in the Server Message Block (SMB) protocol, allowing remote attackers to execute arbitrary code via a crafted filename in an SMB request. The vulnerability can be exploited when the share type is a disk, which by default requires authentication. Successful exploitation could allow an attacker to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Windows 2000 SP4, update to a newer version to mitigate the risk. For Microsoft Windows XP SP2 and SP3, update to a newer version to mitigate the risk. For Microsoft Windows Server 2003 SP1 and SP2, update to a newer version to mitigate the risk. For Microsoft Windows Vista Gold and SP1, update to a newer version to mitigate the risk. For Microsoft Windows Server 2008, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to disk shares to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Liferay Enterprise Portal version 4.3.1 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `emailAddress` parameter in a Send New Password action. **Recommendations** For Liferay Enterprise Portal version 4.3.1, consider restricting access to the `/c/portal/login` endpoint until a fix is available. As a temporary workaround, avoid using the `emailAddress` parameter in the affected Send New Password action to minimize the risk of exploitation.