CVE-2011-1267

Name of the Vulnerable Software and Affected Versions Microsoft Windows Vista versions SP1 through SP2 Microsoft Windows Server 2008 versions Gold through R2 SP1 Microsoft Windows 7 versions Gold through SP1

Description A denial of service issue exists due to the way the Server Message Block (SMB) Protocol software handles specially crafted requests. This can be exploited by sending a crafted SMBv1 or SMBv2 request, allowing remote attackers to cause a system hang. The vulnerability can be exploited without authentication by sending a specially crafted network message to a computer running the Server service.

Recommendations For Microsoft Windows Vista versions SP1 through SP2, apply the necessary patch to fix the SMB Request Parsing issue. For Microsoft Windows Server 2008 versions Gold through R2 SP1, apply the necessary patch to fix the SMB Request Parsing issue. For Microsoft Windows 7 versions Gold through SP1, apply the necessary patch to fix the SMB Request Parsing issue. As a temporary workaround, consider restricting access to the SMB server to minimize the risk of exploitation.