CVE-2010-0021
moderate-risk
Published 2010-02-10
Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."
Do I need to act?
!
11.4% chance of exploitation in next 30 days
EPSS score — higher than 89% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.9/10
Medium
NETWORK
/ HIGH complexity
Affected Products (20)
Affected Vendors
References (6)
US Government Resource
http://www.us-cert.gov/cas/techalerts/TA10-040A.html
US Government Resource
http://www.us-cert.gov/cas/techalerts/TA10-040A.html
49
/ 100
moderate-risk
Severity
18/34 · Moderate
Exploitability
11/34 · Low
Exposure
20/34 · Moderate