CVE-2010-0021

Name of the Vulnerable Software and Affected Versions Microsoft Windows Vista versions Gold, SP1, and SP2 Microsoft Windows Server 2008 versions Gold, SP2, and R2 Microsoft Windows 7 (affected versions not specified)

Description A denial of service issue exists due to multiple race conditions in the SMB implementation in the Server service. This allows remote attackers to cause a system hang via crafted SMBv1 or SMBv2 Negotiate packets. The vulnerability can be exploited by sending a specially crafted network message to a computer running the Server service, and does not require authentication.

Recommendations For Microsoft Windows Vista versions Gold, SP1, and SP2: update to a newer version to mitigate the risk. For Microsoft Windows Server 2008 versions Gold, SP2, and R2: update to a newer version to mitigate the risk. For Microsoft Windows 7: At the moment, there is no information about a newer version that contains a fix for this vulnerability.