Switching and networking vendor Cisco is warning of a critical vulnerability affecting the Cisco Security Agent for Microsoft Windows.
The flaw, which carries a CVSS rating of 10.0 (the highest possible severity score), can be exploited remotely and causes corruption of kernel memory, which leads to a Windows stop error (blue screen) or to arbitrary code execution.
Cisco Security Agent is a security software agent that provides threat protection for server and desktop computing systems.
From Cisco's alert:
The vulnerability is triggered when Cisco Security Agent is processing a crafted TCP segment destined to TCP port 139 or 445. These ports are used by the Microsoft Server Message Block (SMB) protocol. A TCP session needs to be established (that is, the TCP three-way handshake needs to be completed) for the vulnerability to be triggered.
All systems that are running a vulnerable version of Cisco Security Agent for Windows are affected. This includes Cisco products that integrate standalone Cisco Security Agents, such as Cisco IP Communications applications servers and the Cisco Security Manager.