Executive Summary
| Summary | |
|---|---|
| Title | Vulnerability in Windows Shared Cluster Disks Could Allow Tampering (2294255) |
| Informations | |||
|---|---|---|---|
| Name | MS10-086 | First vendor Publication | 2010-10-12 |
| Vendor | Microsoft | Last vendor Modification | 2010-11-10 |
| Severity (Vendor) | Moderate | Revision | 1.1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Revision Note: V1.1 (November 10, 2010): Added an update FAQ to explain that this update in fact corrects the permissions on existing shared cluster disks. This is an informational change only. Customers who have already successfully updated their systems do not need to take any action.Summary: This security update resolves a privately reported vulnerability in Windows shared cluster disks. The vulnerability could allow data tampering on the administrative shares of failover cluster disks. By default, Windows Server 2008 R2 servers are not affected by this vulnerability. This vulnerability only applies to cluster disks used in a failover cluster. |
Original Source
| Url : http://www.microsoft.com/technet/security/bulletin/MS10-086.mspx |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:6789 | |||
| Oval ID: | oval:org.mitre.oval:def:6789 | ||
| Title: | Permissions on New Cluster Disks Vulnerability | ||
| Description: | The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3223 | Version: | 6 |
| Platform(s): | Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 2 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 68554 | Microsoft Windows Server 2008 Shared Cluster Disks Addition Default Permissio... Microsoft Windows Server 2008 R2 contains a flaw related to the user interface in Microsoft Cluster Service failing to properly set administrative-share permissions for new cluster disks. This may allow a remote attacker to use a request to read or modify data data on these cluster disks. |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2010-10-14 | IAVM : 2010-B-0089 - Microsoft Windows Shared Cluster Disks Tampering Vulnerability Severity : Category II - VMSKEY : V0025535 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-10-13 | Name : The remote Windows host has a data tampering vulnerability. File : smb_nt_ms10-086.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:46:45 |
|
| 2013-11-11 12:41:19 |
|
