Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: MS06-044: Microsoft Management Console Cross Site Scripting. SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS06-044: Microsoft Management Console Cross Site Scripting.
MS06-044

CRITICAL (remote code execution)

A cross site scripting attack against the Microsoft Managment Console (MMC) could be used to inject hostile code on a system used to access the MCC. Only Windows 2000 SP4 appears to be vulnerable, and the exploit is not trivial.

The advisory is a bit vague on how an exploit exactly works. But it appears that the remote site would offer a link. Clicking on the link would open MMC and include the malicious code. It is likely possible to redirect a user to the link via javascript without user interaction.

Urgency:
Clients: HIGH for Windows 2000 SP4. Patch now.
Servers: LOW. Carefully test patch first.



I will be teaching next: Defending Web Applications Security Essentials - SANS San Francisco Spring 2020

Johannes

3693 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!