ISS Protection Brief: Multiple Vulnerabilities in Microsoft Products

From: X-Force (xforce_at_iss.net)
Date: 10/12/04


Date: Tue, 12 Oct 2004 14:04:36 -0400 (EDT)
To: alert@iss.net


-----BEGIN PGP SIGNED MESSAGE-----

Internet Security Systems Protection Brief
October 12, 2004

Multiple Vulnerabilities in Microsoft Products - October 2004

Summary:

Microsoft has released several security bulletins that describe
vulnerabilities affecting many components of the operating system. Updates
have been issued that address network-based remote compromise vulnerabilities
in the SMTP service, NNTP service, and NetDDE. A vulnerability has been
discovered in ASP.NET which may allow an attacker to bypass authentication
mechanisms and access restricted resources. In addition, a serious client-side
vulnerability has been discovered in compressed (zip) folders.

Business Impact:

Successful exploitation could be leveraged to gain complete control
over target systems, and might lead to malware installation, exposure
of confidential information, or further network compromise. It is
possible for an attacker to run arbitrary code or gain access to restricted
resources on vulnerable systems by exploiting any of the aforementioned
vulnerabilities. The network-based remote vulnerabilities could be exploited
without any user interaction, while the client-side vulnerabilities require
minimal user interaction for exploitation.

For the complete X-Force Protection Alert, please visit:
http://xforce.iss.net/xforce/alerts/id/183

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----