Critical flaw in Cisco Security Agent for Windows

Summary:The flaw, which carries a CVSS rating of 10.0 (the highest possible severity score), can be exploited remotely and causes corruption of kernel memory, which leads to a Windows stop error (blue screen) or to arbitrary code execution.

Critical flaw in Cisco Security Agent for Windows
Switching and networking vendor Cisco is warning of a critical vulnerability affecting the Cisco Security Agent for Microsoft Windows.

The flaw, which carries a CVSS rating of 10.0 (the highest possible severity score), can be exploited remotely and causes corruption of kernel memory, which leads to a Windows stop error (blue screen) or to arbitrary code execution.

[ SEE: Can you really trust your security vendor? ]

Cisco Security Agent is a security software agent that provides threat protection for server and desktop computing systems.

From Cisco's alert:

The vulnerability is triggered when Cisco Security Agent is processing a crafted TCP segment destined to TCP port 139 or 445. These ports are used by the Microsoft Server Message Block (SMB) protocol. A TCP session needs to be established (that is, the TCP three-way handshake needs to be completed) for the vulnerability to be triggered.

All systems that are running a vulnerable version of Cisco Security Agent for Windows are affected. This includes Cisco products that integrate standalone Cisco Security Agents, such as Cisco IP Communications applications servers and the Cisco Security Manager.

Topics: Windows, Cisco, Enterprise Software, Networking

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.