===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0723
      Vulnerability in iSCSI Could Allow Denial of Service (2962485)
                                14 May 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Microsoft Windows
Operating System:  Windows Server 2008
                   Windows Server 2008 R2
                   Windows Server 2012
                   Windows Server 2012 R2
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-0256 CVE-2014-0255 

Original Bulletin: 
   http://technet.microsoft.com/en-us/security/bulletin/ms14-028

--------------------------BEGIN INCLUDED TEXT--------------------

Microsoft Security Bulletin - MS14-028 - Important

Vulnerability in iSCSI Could Allow Denial of Service (2962485)

Published Date: May 13, 2014

Version: 1.0

General Information

Executive Summary

This security update resolves two privately reported vulnerabilities in 
Microsoft Windows. The vulnerabilities could allow denial of service if an 
attacker sends large amounts of specially crafted iSCSI packets over the 
target network. This vulnerability only affects servers for which the iSCSI 
target role has been enabled.

This security update is rated Important for Windows Storage Server 2008 and 
all supported editions of Windows Server 2012 and Windows Server 2012 R2. It 
is also rated Important for iSCSI Software Target 3.3 when installed on 
Windows Server 2008 R2 for x64-based Systems Service Pack 1.

Affected Software

Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2012
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)

Vulnerability Information

iSCSI Target Remote Denial of Service Vulnerability - CVE-2014-0255

A denial of service vulnerability exists in the way that affected operating 
systems handle iSCSI packets. An attacker who successfully exploited the 
vulnerability could cause the affected service or services to stop 
responding.

iSCSI Target Remote Denial of Service Vulnerability - CVE-2014-0256

A denial of service vulnerability exists in the way that affected operating 
systems handle iSCSI connections. An attacker who successfully exploited the 
vulnerability could cause the affected service or services to stop 
responding.

--------------------------END INCLUDED TEXT--------------------
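
The bulletin limits exposure to servers on which the iSCSI target role is enabled. The following PowerShell check for that condition is an added example, not part of the Microsoft or AusCERT text. It assumes the role service name FS-iSCSITarget-Server, the service name WinTarget, and the iSCSI default port TCP 3260, none of which appear in the bulletin.

```powershell
# Added example: triage one server for MS14-028 scope.
# Assumptions (not from the bulletin): feature FS-iSCSITarget-Server,
# service WinTarget, default iSCSI port TCP 3260, English netstat output.

function Get-IscsiTargetExposure {
    param([int]$Port = 3260)

    # Server 2012 / 2012 R2: the iSCSI target is a role service.
    # ServerManager must be imported explicitly on PowerShell 2.0.
    Import-Module ServerManager -ErrorAction SilentlyContinue
    $featureInstalled = $false
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        $f = Get-WindowsFeature -Name 'FS-iSCSITarget-Server' -ErrorAction SilentlyContinue
        $featureInstalled = [bool]($f -and $f.Installed)
    }

    # iSCSI Software Target 3.3 on Server 2008 R2 is a separate install,
    # so look for the target service as well as the role service.
    $svc = Get-Service -Name 'WinTarget' -ErrorAction SilentlyContinue
    $serviceRunning = [bool]($svc -and $svc.Status -eq 'Running')

    # Local addresses with a listener on the iSCSI port. netstat is used
    # because it exists on every affected Windows version.
    $listeners = @(netstat -ano -p TCP |
        Select-String -Pattern "^\s*TCP\s+(\S+):$Port\s+\S+\s+LISTENING" |
        ForEach-Object { $_.Matches[0].Groups[1].Value })

    # InScope is true if any signal says the target role may be active.
    New-Object PSObject -Property @{
        ComputerName     = $env:COMPUTERNAME
        FeatureInstalled = $featureInstalled
        ServiceRunning   = $serviceRunning
        ListenAddresses  = ($listeners -join ', ')
        InScope          = ($featureInstalled -or $serviceRunning -or
                            $listeners.Count -gt 0)
    }
}

Get-IscsiTargetExposure | Format-List
```

A server reporting InScope = True needs the update from the original bulletin. A listener on 0.0.0.0 or a routable address shows the target is reachable beyond a dedicated storage network.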

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================