Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2004-02-10 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Microsoft Releases Updates (1 - Critical, 2 - Important)

Published: 2004-02-10
Last Updated: 2004-02-10 23:52:53 UTC
by Tom Liston (Version: 1)
0 comment(s)
Microsoft has just released information on three updates:



The most critical of the three is entitled "ASN.1 Vulnerability Could Allow Code Execution (828028)" and affects all Windows operating systems based on the NT core (NT, 2000, XP, and Server 2003):



http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-007.asp


Essentially, there are multiple possible overflow conditions that exist within the ASN.1 implementation inside Microsoft's MSASN1.DLL.



Affected software that uses this library includes:

   - Microsoft Internet Explorer

   - Outlook express

   - Outlook

   - IIS (using SSL as in https)

   - Microsoft's Kerberos implementation

   - NTLMv2 authentication

   - Third party software using encryption certificates



This is a critical issue and should be addressed immediately, exploits are expected soon.



Additional Information on the ASN.1 issues can be found at eEye Digital Security's site:


http://www.eeye.com/html/Research/Advisories/AD20040210.html


and


http://www.eeye.com/html/Research/Advisories/AD20040210-2.html


--------------------------------------------------------------------



Listed as "Important" are two additional updates, "Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352)":



http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-006.asp


(This is a vulnerability in the WINS Service on Windows NT Server, NT Terminal Server, Windows 2000 Server and Windows Server 2003. This vulnerability is listed as "important" by Microsoft.)



and "Vulnerability in Virtual PC for Mac could lead to privilege elevation (835150)":


http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-005.asp


(The target of this vulnerability is not in widespread use and could not be effectively targeted, hence Microsoft's listing it as "important." If you know someone using this software on the Mac, please notify them, because they may not be aware of Microsoft's information distibution channels.)



--------------------------------------------------------------------



Other Stuff


We have received reports of a "download this cool game" link circulating on AOL Instant Messenger. The game, when downloaded and executed, sends IMs to your contacts, telling them to "download this cool game". And so on, and so on, and so on...


We're not entirely sure if this is to be considered a "virus" or simply "annoying IM spam."



--------------------------------------------------------------------


Handler on duty: Tom Liston - http://www.labreatechnologies.com
Keywords:
0 comment(s)
Diary Archives