CVE-2010-0231
Microsoft Windows - NTLM Weak Nonce (MS10-012)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
La implementación del SMB en el servicio Server en Microsoft Windows 2000 SP4, Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, y SP2, Windows Server 2008 Gold, SP2, y R2, y Windows 7, no utiliza una fuente con suficiente entropía, lo que permite a atacantes remotos conseguir el acceso a ficheros y a otros recursos SMB a través de un gran número de peticiones de autenticación, relativo a desafíos generador por el servidor, ciertos valores duplicados, y espiado de elementos de autenticación, también conocido como "SMB NTLM Authentication Lack of Entropy Vulnerability."
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-01-07 CVE Reserved
- 2010-02-10 CVE Published
- 2010-10-17 First Exploit
- 2024-08-07 CVE Updated
- 2024-10-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
- CWE-310: Cryptographic Issues
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://www.us-cert.gov/cas/techalerts/TA10-040A.html | Third Party Advisory | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7751 | Signature |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/15266 | 2010-10-17 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-012 | 2023-12-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | * | sp2 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | * | sp2, itanium |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | - | sp2, x64 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows 7 Search vendor "Microsoft" for product "Windows 7" | - | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | itanium |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | x32 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | x64 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | r2, itanium |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | r2, x64 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | sp2, x32 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | sp2, x64 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | - | sp2, itanium |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | x64 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | sp1 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | sp2 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2, pro_x64 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp3 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | - | sp2, x64 |
Affected
|