Alert: Microsoft Security Bulletin - MS03-005
From: Russ (Russ.Cooper@RC.ON.CA)
Date: 02/05/03
Date: Wed, 5 Feb 2003 14:10:28 -0500
From: Russ <Russ.Cooper@RC.ON.CA>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
http://www.microsoft.com/technet/security/bulletin/MS03-005.asp
Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577)
Originally posted: February 5, 2003
Summary
Who should read this bulletin: Customers using Microsoft® Windows® XP.
Impact of vulnerability: Local elevation of privileges
Maximum Severity Rating: Important
Recommendation: Customers should consider applying the patch.
Affected Software:
- Microsoft Windows XP
Technical description:
The Windows Redirector is used by a Windows client to access files, whether local or remote, regardless of the underlying network protocols in use. For example, the "Add a Network Place" Wizard or the NET USE command can be used to map a network share as a local drive, and the Windows Redirector will handle the routing of information to and from the network share.
A security vulnerability exists in the implementation of the Windows Redirector on Windows XP because an unchecked buffer is used to receive parameter information. By providing malformed data to the Windows Redirector, an attacker could cause the system to fail, or if the data was crafted in a particular way, could run code of the attacker's choice.
Mitigating factors:
- An attacker would require the ability to log onto the system interactively in order to run programs that use the Windows Redirector. This vulnerability cannot be exploited remotely.
- Windows XP systems that are not shared between users would not be at risk.
Vulnerability identifier: CAN-2003-0004
This email is sent to NTBugtraq automatically as a service to my subscribers. Since it's programmatically created, and since it's been a long time since anyone paid actual money for my programming skills, it may or may not look that good...;-]
I can only hope that the information it does contain can be read well enough to serve its purpose.
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
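
The bug class named in the technical description (an unchecked buffer receiving parameter information), sketched as an added example that is not part of the bulletin and is not Microsoft's Redirector code. The structure names, the 64-byte capacity and the sample input are all hypothetical; the unchecked handler is shown beside a version that validates the caller-declared length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PARAM_MAX 64  /* constructed capacity, not a Windows value */

/* Hypothetical request: a caller-declared length plus the caller's bytes. */
struct param_request {
    uint32_t declared_len;   /* controlled by the caller */
    const uint8_t *data;     /* caller-supplied bytes */
    size_t data_len;         /* bytes actually present at data */
};
struct param_block { uint8_t buf[PARAM_MAX]; size_t used; };

/* Unchecked form: trusts declared_len, so any value above PARAM_MAX
 * writes past buf. Shown for contrast only; it is never called here. */
void receive_params_unchecked(struct param_block *dst,
                              const struct param_request *req) {
    memcpy(dst->buf, req->data, req->declared_len);
    dst->used = req->declared_len;
}

/* Checked form: returns 0 on success, -1 when the request is rejected. */
int receive_params_checked(struct param_block *dst,
                           const struct param_request *req) {
    if (dst == NULL || req == NULL || req->data == NULL)
        return -1;
    if (req->declared_len > PARAM_MAX)      /* would overflow dst->buf */
        return -1;
    if (req->declared_len > req->data_len)  /* would read past the input */
        return -1;
    memcpy(dst->buf, req->data, req->declared_len);
    dst->used = req->declared_len;
    return 0;
}

/* Runs the checked handler on constructed input (data_len must be <= 128). */
int demo_case(uint32_t declared_len, size_t data_len) {
    static const uint8_t sample[128] = {0};
    struct param_request req = { declared_len, sample, data_len };
    struct param_block blk;
    return receive_params_checked(&blk, &req);
}

int main(void) {
    printf("len 16 of 16:  %d\n", demo_case(16, 16));
    printf("len 65 of 128: %d\n", demo_case(65, 128));
    return 0;
}
```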