SANS ISC: Microsoft Security Bulletins

• SANS Site Network
  • Current Site
  • SANS Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • DFIR
  • Software Security
  • Government OnSite Training

SANS ISC InfoSec Forums

Microsoft has released patches for Windows 2000, NT 4.0 and XP.

Item 1
Title: Flaw in ISAPI Extension for Windows Media Services
Could Cause Denial of Service (817772)
Date: 28 May 2003
Software: Microsoft(r) Windows NT(r) 4.0, and Windows(r) 2000
Impact: Allow an attacker to execute code of their choice
Max Risk: Moderate
Bulletin: MS03-019

There is a flaw in the way in which nsiislog.dll processes incoming requests. A vulnerability exists because an attacker could send specially formed communications to the server that could cause IIS to stop responding to Internet requests.
Item 2
Title: Cumulative Patch for Internet Information Service
(811114)
Date: 28 May 2003
Software: Microsoft(r) Windows NT(r) 4.0, Windows(r) 2000, or
Windows(r) XP
Impact: Allow an attacker to execute code of their choice
Max Risk: Important
Bulletin: MS03-018

Redirection Cross Site Scripting CAN-2003-0223

Server Side Include Web Pages Buffer Overrun CAN-2003-0224

ASP Headers Denial of Service CAN-2003-0225

WebDAV Denial of Service CAN-2003-0226
Item 3 - Update to previous bulletin
Title: Unchecked Buffer In Windows Component Could Cause
Server Compromise (815021)
Released: 17 Mar 2003
Revised: 28 May 2003 (version 3.0)
Software: Microsoft (r) Windows (r) NT 4.0, Windows 2000 and
Windows XP
Impact: Run code of attacker's choice
Max Risk: Critical
Bulletin: MS03-007

An attacker could exploit the vulnerability by sending a specially formed HTTP request to a machine running Internet Information Server (IIS). The request could cause the server to fail or to execute code of the attacker?s choice. The code would run in the security context of the IIS service (which, by default, runs in the LocalSystem context).
Item 4 - Update to previous bulletin
Title: Buffer Overrun in Windows Kernel Message Handling could
Lead to Elevated Privileges (811493)
Released: 16 April 2003
Revised: 28 May 2003 (version 2.0)
Software: Microsoft(r) Windows NT(r) 4.0, Windows(r) 2000 and
Windows(r) XP
Impact: Local Elevation of Privilege
Max Risk: Important
Bulletin: MS03-013

There is a flaw in the way the kernel passes error messages to a debugger. A vulnerability results because an attacker could write a program to exploit this flaw and run code of their choice. An attacker could exploit this vulnerability to take any action on the system including deleting data, adding accounts with administrative access, or reconfiguring the system.
References:
-----------

SPI Security Alert regarding IIS webdav Denial Of Service:
http://www.spidynamics.com/iis_alert.html

NSFOCUS Security Alert regarding SSI IIS 5.0 buffer overflow:
http://www.nsfocus.com/english/homepage/sa2003-05.htm

Microsoft Security Bulletins:
http://www.microsoft.com/technet/security/bulletin/MS03-018.asp
http://www.microsoft.com/technet/security/bulletin/MS03-013.asp
http://www.microsoft.com/technet/security/bulletin/MS03-007.asp
http://www.microsoft.com/technet/security/bulletin/MS03-019.asp

contributed by:
Deborah Hale. haled@pionet.net
Pedro Bueno. bueno@ieee.org
Feedback please to isc@sans.org