
SANS ISC: InfoSec Handlers Diary Blog



MS06-077: Remote Installation Service (RIS) remote exploit

Published: 2006-12-12
Last Updated: 2006-12-12 20:58:36 UTC
by John Bambenek (Version: 1)
This vulnerability only affects Windows 2000 Server Service Pack 4 systems that have RIS installed and that allow anonymous access to the system that serves the installation items. If there is anonymous access, a remote user could view, change, or delete data or create accounts, including having malware installed on systems installed by RIS. It is possible to exploit this vulnerability over the internet if the network permissions were set so poorly that they allow anonymous access to everyone. A simple firewall would prevent this vector. The patch removes the vulnerability by not allowing anonymous TFTP users write access on the file structure.

This vulnerability has not been disclosed publicly and Microsoft reports no indication of active exploitation of this vulnerability.

Microsoft ranks this update as important; however, the very specific OS version needed and other mitigating technologies make this an unimportant patch for all but a few users.

Bulletin: MS06-077
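Since the exposure described above is anonymous TFTP write access, a monitoring check for TFTP write requests (WRQ, opcode 2 in RFC 1350) aimed at the installation server is a useful companion to the patch and the firewall. The following is an added example, not code from the diary or from Microsoft; the trusted subnet, file names and packet tuples are constructed assumptions.

```python
import ipaddress
import struct

# TFTP request opcodes from RFC 1350: 1 = read request, 2 = write request
REQUEST_OPCODES = {1: "RRQ", 2: "WRQ"}

def parse_tftp_request(payload: bytes):
    """Return (op, filename, mode) for a well-formed RRQ/WRQ, else None."""
    if len(payload) < 4:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode not in REQUEST_OPCODES:
        return None
    # Request body is: filename NUL mode NUL
    parts = payload[2:].split(b"\x00")
    if len(parts) < 3 or not parts[0] or not parts[1]:
        return None
    name = parts[0].decode("ascii", "replace")
    mode = parts[1].decode("ascii", "replace").lower()
    return REQUEST_OPCODES[opcode], name, mode

def flag_write_requests(packets, trusted_nets):
    """packets: iterable of (src_ip, dst_udp_port, udp_payload).
    Returns one alert per WRQ sent to UDP/69; writes from outside the
    trusted networks (an assumed deployment subnet) are rated 'high'."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    alerts = []
    for src, dport, payload in packets:
        if dport != 69:
            continue
        req = parse_tftp_request(payload)
        if req is None or req[0] != "WRQ":
            continue
        addr = ipaddress.ip_address(src)
        severity = "info" if any(addr in n for n in nets) else "high"
        alerts.append({"src": src, "file": req[1], "mode": req[2],
                       "severity": severity})
    return alerts

# Constructed sample traffic (addresses and file names are illustrative only)
SAMPLE = [
    ("10.0.5.20", 69, b"\x00\x01boot-image.bin\x00octet\x00"),      # normal read
    ("10.0.5.21", 69, b"\x00\x02answer-file.txt\x00octet\x00"),     # internal write
    ("203.0.113.9", 69, b"\x00\x02answer-file.txt\x00netascii\x00"),  # external write
    ("203.0.113.9", 69, b"\x00\x02"),                               # truncated, ignored
    ("10.0.5.22", 53, b"\x00\x02x\x00octet\x00"),                   # not TFTP port
]

if __name__ == "__main__":
    for alert in flag_write_requests(SAMPLE, ["10.0.5.0/24"]):
        print(alert)
```

Any WRQ reaching the server from outside the deployment subnet also indicates that the firewall is not blocking the vector the diary mentions.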

--
John Bambenek
bambenek /at/ gmail /dot/ com

