Alert: Microsoft Security Bulletin MS04-006 - Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352)
From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 02/10/04
Date: Tue, 10 Feb 2004 14:06:31 -0500
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Microsoft Security Bulletin MS04-006:
Vulnerability in the Windows Internet Naming Service (WINS) Could Allow
Code Execution (830352)
Bulletin URL:
http://www.microsoft.com/technet/security/bulletin/MS04-006.asp
Summary:
Version Number: V1.0
Revision Date: 02-10-2004
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Patch(es) Replaced: None
Caveats: None
CVE Number(s): CAN-2003-0825
Tested Software:
Affected Software:
* Microsoft Windows NT® Server 4.0 Service Pack 6a
<http://www.ntbugtraq.com/link/67F91E33-E2EC-4CE9-B55B-509240B1A973.asp>
* Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack
6
<http://www.ntbugtraq.com/link/FCAF39A9-73BD-4B7F-9DC1-ACED9FE61852.asp>
* Microsoft Windows 2000 Server Service Pack 2, Microsoft Windows 2000
Server Service Pack 3, Microsoft Windows 2000 Professional Service Pack
4
<http://www.ntbugtraq.com/link/FD38BD3F-2E56-45B8-B8B2-C5C798B0E70D.asp>
* Microsoft Windows Server™ 2003
<http://www.ntbugtraq.com/link/AA95192E-5B0B-45F0-B4AE-E228B0625F2D.asp>
* Microsoft Windows Server 2003 64-Bit Edition
<http://www.ntbugtraq.com/link/6FD30C00-8D60-4CFD-A115-3708138F5B00.asp>
Software Not Affected:
* Microsoft Windows NT® Workstation 4.0 Service Pack 6a
* Microsoft Windows 2000 Professional Service Pack 2, Microsoft Windows
2000 Professional Service Pack 3, Microsoft Windows 2000 Professional
Service Pack 4
* Microsoft Windows XP, Microsoft Windows XP Service Pack 1
* Microsoft Windows XP 64-Bit Edition, Microsoft Windows XP 64-Bit
Edition Service Pack 1
* Microsoft Windows XP 64-Bit Edition Version 2003, Microsoft Windows
XP 64-Bit Edition Version 2003 Service Pack 1
Technical Description:
A security vulnerability exists in the Windows Internet Naming Service
(WINS). This vulnerability exists because of the method that WINS uses
to validate the length of specially-crafted packets. On Windows Server
2003 this vulnerability could allow an attacker who sent a series of
specially-crafted packets to a WINS server to cause the service to fail.
Most likely, this could cause a denial of service, and the service would
have to be manually restarted to restore functionality.
The possibility of a denial of service on Windows Server 2003 results
from the presence of a security feature that is used in the development
of Windows Server 2003. This security feature detects when an attempt is
made to exploit a stack-based buffer overrun and reduces the chance that
it can be easily exploited. This security feature can be forced to
terminate the service to prevent malicious code execution. On Windows
Server 2003, when an attempt is made to exploit the buffer overrun, the
security feature reacts and terminates the service. This results in a
denial of service condition of WINS. Because it is possible that methods
may be found in the future to bypass this security feature, which could
then enable code execution, customers should apply the update. For more
information about these security features, visit the following Web site.
On Windows NT and Windows 2000, the nature of the vulnerability is
slightly different. WINS will reject the specially-crafted packet and
the attack does not result in a denial of service. The vulnerability on
these platforms also does not allow code execution. Microsoft is
releasing a security update for these platforms that corrects the
vulnerable code as a preventive measure to help protect these platforms
in case methods are found in the future to exploit this vulnerability.
This email is sent to NTBugtraq automagically as a service to my
subscribers. (v2.3)
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
-----
NTBugtraq Editor's Note:
Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whoever is responsible for your AV, or at least that the idea is considered.
-----