Alert: Microsoft Security Bulletin - MS03-001

From: Russ (Russ.Cooper@RC.ON.CA)
Date: 01/23/03

    Date:         Wed, 22 Jan 2003 18:50:38 -0500
    From: Russ <Russ.Cooper@RC.ON.CA>

    Unchecked Buffer in Locator Service Could Lead to Code Execution (810833)

    Originally posted: January 22, 2003


    Who should read this bulletin: Customers using Microsoft® Windows® NT 4.0, Windows 2000, or Windows XP.

    Impact of vulnerability: Run code of the attacker's choice

    Maximum Severity Rating: Critical

    Recommendation: Customers running Windows NT 4.0 domain controllers or Windows 2000 domain controllers should apply the patch immediately. Customers should install the patch at the earliest opportunity on systems running Windows NT 4.0 (workstations and member servers), Windows 2000 (workstations and member servers), and Windows XP.

    Affected Software:
    - Microsoft Windows NT 4.0
    - Microsoft Windows NT 4.0, Terminal Server Edition
    - Microsoft Windows 2000
    - Microsoft Windows XP

    End User Bulletin: An end user version of this bulletin is available at:

    Technical description:

    The Microsoft Locator service is a name service that maps logical names to network-specific names. It ships with Windows NT 4.0, Windows 2000, and Windows XP. By default, the Locator service is enabled only on Windows 2000 domain controllers and Windows NT 4.0 domain controllers; it is not enabled on Windows NT 4.0 workstations or member servers, Windows 2000 workstations or member servers, or Windows XP.

    A security vulnerability results from an unchecked buffer in the Locator service. By sending a specially malformed request to the Locator service, an attacker could cause the Locator service to fail, or to run code of the attacker's choice on the system.

    Mitigating factors:
    - The Locator service is not enabled by default on any affected versions of Windows with the exception of Windows 2000 domain controllers and Windows NT 4.0 domain controllers.
    - A properly-configured firewall would block the calls to the Locator service, which would protect an affected machine from an Internet-based attack.

    Vulnerability identifier: CAN-2003-0003

    This email is sent to NTBugtraq automatically as a service to my subscribers. Since it's programmatically created, and since it's been a long time since anyone paid actual money for my programming skills, it may or may not look that good...;-]

    I can only hope that the information it does contain can be read well enough to serve its purpose.

    Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
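
Added example (not part of the bulletin or of the original post): a PowerShell triage of a host inventory against the bulletin's recommendation and its note on where the Locator service runs by default. It assumes the service's short name is `RpcLocator` and that each record carries `Win32_ComputerSystem.DomainRole` plus the `State` and `StartMode` of that service from `Win32_Service`; the function name and the host rows are constructed for illustration.

```powershell
# Triage hosts for MS03-001 from inventory data (added example, constructed input).
# Each record is assumed to hold Win32_ComputerSystem.DomainRole and the
# State/StartMode of the RpcLocator service as reported by Win32_Service.
function Get-LocatorExposure {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [pscustomobject]$HostRecord
    )
    process {
        # DomainRole 4 = backup domain controller, 5 = primary domain controller
        $isDC    = $HostRecord.DomainRole -in 4, 5
        $running = $HostRecord.State -eq 'Running'
        # 'Auto' means the service comes back at boot even if it is stopped now
        $autoStart = $HostRecord.StartMode -eq 'Auto'

        # Bulletin: domain controllers patch immediately, everything else
        # at the earliest opportunity.
        $priority = if ($isDC) { 'Immediate' } else { 'Earliest opportunity' }

        # Bulletin: the service is enabled by default only on domain controllers,
        # so a member server or workstation running it deviates from the default.
        $note = if (-not $isDC -and ($running -or $autoStart)) {
            'Locator enabled on a non-DC: non-default, review whether it is needed'
        } elseif ($running) {
            'Locator running: confirm the firewall blocks external calls to it'
        } else {
            'Locator not running'
        }

        [pscustomobject]@{
            Name           = $HostRecord.Name
            IsDC           = $isDC
            LocatorRunning = $running
            PatchPriority  = $priority
            Note           = $note
        }
    }
}

# Constructed sample inventory (not real hosts)
$sample = @(
    [pscustomobject]@{ Name = 'DC01'; DomainRole = 5; State = 'Running'; StartMode = 'Auto' }
    [pscustomobject]@{ Name = 'FS02'; DomainRole = 3; State = 'Running'; StartMode = 'Auto' }
    [pscustomobject]@{ Name = 'WS17'; DomainRole = 1; State = 'Stopped'; StartMode = 'Manual' }
)
$sample | Get-LocatorExposure | Format-Table -AutoSize
```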


