Welcome to the Virus Encyclopedia of Panda Security.
MS10-054 is not categorized as virus, worm, Trojan or backdoor. It is a group of critical vulnerabilities in the Server Message Block (SMB) protocol on Windows 2008/7/Vista/2003/XP, which allows arbitrary code to be remotely executed and denial of service attacks to be launched.
Server Message Block (SMB) is the file sharing protocol used by default on Windows-based computers.
The addressed vulnerabilities are:
- SMB Pool Overflow vulnerability: this remote code execution vulnerability occurs because SMB implementation improperly validates fields in a malformed SMB request.
If exploited successfully, MS10-054 allows hackers to gain remote control of the affected computer with the same privileges as the logged on user. If this user had administrator rights, the hacker could take complete control of the system: create, modify or delete files, install programs, create new user accounts, etc.
- SMB Variable Validation vulnerability: a denial of service vulnerability that occurs because the SMB protocol does not properly validate an internal variable when parsing specially crafted SMB packets.
- SMB Stack Exhaustion vulnerability: a denial of service vulnerability that occurs because the SMB protocol does not sufficiently handle specially crafted compounded requests.
If exploited sucessfully, MS10-054 could cause the vulnerable system to stop responding until it is restarted.
MS10-054 is usually exploited by creating a specially crafted SMB packet and sending it to an affected system.
If you have a Windows 2008/7/Vista/2003/XP computer, it is recommended to download and apply the security patch for this vulnerability. Click here to access the web page for downloading the patch.
Bear in mind that this security bulletin replaces a previous one called MS10-012.