Microsoft Windows contains a flaw that may allow a remote denial of service. The issue is triggered when a NULL-pointer dereference error in the Netlogon RPC Service of a domain controller occurs, and may be exploited via a specially crafted RPC packet to result in a loss of availability.

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

• CVE ID: 2010-2742 (see also: NVD)
• Microsoft Knowledge Base Article: 2207559
• SCIP VulDB ID: 4227
• Secunia Advisory ID: 42615
• Bugtraq ID: 45271
• Vendor Specific News/Changelog Entry: http://blogs.technet.com/b/msrc/archive/2010/12/09/december-2010-advance-notification-service-is-released.aspx
• News Article: http://www.computerworld.com/s/article/9200642/Microsoft_slates_another_monster_Patch_Tuesday?taxonomyId=17&pageNumber=1
  http://www.informationweek.com/blog/main/archives/2010/12/patch_tuesday_t.html
  http://www.pcmag.com/article2/0,2817,2374148,00.asp
• Vendor Specific Advisory URL: http://www.microsoft.com/technet/security/bulletin/ms10-dec.mspx
• Microsoft Security Bulletin: MS10-101

• Matthias Dieter Wallnofer - Samba
• Andrew Bartlett - Samba