Microsoft addresses Windows SMB Client vulnerability via MS10-020 bulletin

Microsoft released MS10-020, which addresses several vulnerabilities in the Windows SMB client. “The first thing to realize is that this update addresses vulnerabilities in the SMB client in Windows. Typically, machines that act as SMB clients are Windows client machines, not server machines. However, it’s possible for a Windows server machine to also act as an SMB client, and depending on the server role and software being used it may be a common scenario. For example: Terminal Server scenarios; logging on to a server as an administrator and accessing files on the network; servers that mirror content from another SMB server. It should also be noted that the Browser service, which runs by default on both client and server machines, could be used to facilitate an attack without user interaction (see KB188001 for more details on the Browser service),” notes Microsoft.

More info: MS10-020: SMB Client Update