MinorRev: Microsoft Security Bulletin MS03-043 - Buffer Overrun in Messenger Service Could Allow Code Execution (828035)

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 11/14/03

  • Next message: Russ: "MinorRev: Microsoft Security Bulletin MS03-051 - Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)" 
    Date:         Fri, 14 Nov 2003 17:32:40 -0500
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Reason for Revision:
    V2.2 November 14, 2003: Subsequent to the release of this bulletin, it
    was determined that the update for Windows XP did not properly place the
    updated file wkssvc.dll into the %systemroot%\system32\dllcache. This
    problem is unrelated to the security vulnerability discussed in this
    bulletin. Microsoft recommends that customers who have previously
    applied the security update reinstall the latest version to insure that
    their system remains protected in the event that the wkssvc.dll is ever
    deleted or becomes corrupt. More information on this is available in the
    FAQ section of this bulletin. Caveats section has been updated to
    include new information relevant to NT 4.0 clients.

    Microsoft Security Bulletin MS03-043:
    Buffer Overrun in Messenger Service Could Allow Code Execution (828035)

    Bulletin URL:
    http://www.microsoft.com/technet/security/bulletin/MS03-043.asp

    Summary:
     Version Number: V2.2
     Revision Date: 11-14-2003
     Impact of Vulnerability: Remote Code Execution
     Maximum Severity Rating: Critical
     Patch(es) Replaced: None
     Caveats: Windows NT 4.0 Client Computers may have network-related
    problems after installing this security update. Microsoft encourages
    customers to review the details of Microsoft Knowledge Base Article
    http://support.microsoft.com/?kbid=831579
     CVE Number(s): CAN-2003-0717

    Tested Software:
     Affected Software:
     * Microsoft Windows NT Workstation 4.0, Service Pack 6a
    <http://www.ntbugtraq.com/link/7597FCF4-6615-4074-9E46-A17D808ED38D.asp>
     * Microsoft Windows NT Server 4.0, Service Pack 6a
    <http://www.ntbugtraq.com/link/B1949456-996A-485A-9A28-79FD79F26A1B.asp>
     * Microsoft Windows NT Server 4.0, Terminal Server Edition, Service
    Pack 6
    <http://www.ntbugtraq.com/link/64AB4B66-1A6E-4264-93A8-26CDB98B05A8.asp>
     * Microsoft Windows 2000, Service Pack 2, Service Pack 3, Service Pack
    4
    <http://www.ntbugtraq.com/link/99F1B40D-906A-4945-A021-4B494CCCBDE0.asp>
     * Microsoft Windows XP Gold, Service Pack 1
    <http://www.ntbugtraq.com/link/F02DA309-4B0A-4438-A0B9-5B67414C3833.asp>
     * Microsoft Windows XP 64-bit Edition
    <http://www.ntbugtraq.com/link/2BE95254-4C65-4CA5-80A5-55FDF5AA2296.asp>
     * Microsoft Windows XP 64-bit Edition Version 2003
    <http://www.ntbugtraq.com/link/8B990946-84C8-4C91-899C-5A44EC13174E.asp>
     * Microsoft Windows Server 2003
    <http://www.ntbugtraq.com/link/1DF106F3-7EC4-4EB0-9143-C1E3C9E2F5F8.asp>
     * Microsoft Windows Server 2003 64-bit Edition
    <http://www.ntbugtraq.com/link/8B990946-84C8-4C91-899C-5A44EC13174E.asp>

     Software Not Affected:
     * Microsoft Windows Millennium Edition

    This email is sent to NTBugtraq automagically as a service to my
    subscribers. (v2.2)

    Cheers,
    Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

    -----
    Marcus Ranum's new book "The Myth of Homeland Security" is now out and
    is available from http://www.amazon.com/ranum In this hard-hitting
    review of the homeland security business, Ranum shows us how the problem
    is vastly harder than it's being made to sound, and how special
    interests, *** covering, and bureaucracy are threatening to derail any
    chance of making progress.
    -----

  • Next message: Russ: "MinorRev: Microsoft Security Bulletin MS03-051 - Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)"
    • Quantcast