PT-2010-4099 · Microsoft · Windows Server 2008+3

Published: 2010-08-11 · Updated: 2023-12-07 · CVE-2010-2551

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Windows Vista versions SP1 through SP2
Microsoft Windows Server 2008 versions Gold through R2
Microsoft Windows 7

Description

A denial of service issue exists due to improper validation of an internal variable in SMB packets. This allows remote attackers to cause a system hang by sending crafted SMBv1 or SMBv2 packets. The vulnerability can be exploited without authentication by sending a specially crafted network message to a computer running the Server service.

Recommendations

For Microsoft Windows Vista versions SP1 through SP2, update to a newer version that includes the fix for this issue.
For Microsoft Windows Server 2008 versions Gold through R2, update to a newer version that includes the fix for this issue.
For Microsoft Windows 7, update to a newer version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the SMB service to minimize the risk of exploitation.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

CVE-2010-2551

Affected Products

Windows
Windows 7
Windows Server 2008
Windows Vista