MS05-046 Client Service for NetWare Vulnerability

Published: 2005-10-11
Last Updated: 2005-10-11 19:50:43 UTC
by Patrick Nolan (Version: 5)
0 comment(s)
MS05-046 affects "Customers who use the Client or Gateway Service for NetWare" using Microsoft Windows 2000 Service Pack 4, Windows XP Service Pack 1, XP Service Pack 2, Windows Server 2003 and Windows Server 2003 Service Pack 1.

The update "resolves a newly-discovered, privately-reported vulnerability", MS rates it Important, and MS says update at your "earliest opportunity".

I rate it "Critical", test and deploy this update ASAP. One reason is that Microsoft notes "CSNW is commonly associated with the Internetwork Packet Exchange (IPX) and Sequenced Packet Exchange (SPX) protocols. However, CSNW could be exploited by using any installed protocol".

In the MS list of workarounds, one reasonable workaround is "Block TCP ports 139 and 445 at the firewall" and "use a personal firewall". An unreasonable workaround is that MS says you can remove CSNW.
CVE CAN-2005-1985 is "(under review)" and "Reserved" so far.

NOT AFFECTED - Microsoft Windows XP Professional x64 Edition, Windows Server 2003 for Itanium-based Systems, Windows Server 2003 with SP1 for Itanium-based Systems, Windows Server 2003 x64 Edition, Windows 98, Windows 98 Second Edition (SE), and Windows Millennium Edition (ME).

(Thanks to Patrick Nolan for putting this summary together!)
0 comment(s)


Diary Archives