Alert: Microsoft Security Bulletin MS04-045 - Vulnerability in WINS Could Allow Remote Code Execution (870763)

From: Russ Cooper (Russ.Cooper_at_TRUSECURE.CA)
Date: 12/14/04

    Date:         Tue, 14 Dec 2004 13:26:52 -0500
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Microsoft Security Bulletin MS04-045:
    Vulnerability in WINS Could Allow Remote Code Execution (870763)

    Bulletin URL:
    <http://www.microsoft.com/technet/security/bulletin/MS04-045.mspx>

    Version Number: 1.0
    Issued Date: Tuesday, December 14, 2004
    Impact of Vulnerability: Remote Code Execution
    Maximum Severity Rating: Important
    Patch(es) Replaced: This bulletin replaces a prior security update. See the frequently asked questions (FAQ) section of this bulletin for the complete list.
    Caveats: None

    Tested Software:
    Affected Software:
    ------------------
    * Microsoft Windows NT Server 4.0 Service Pack 6a
    <http://tinyurl.com/653d3>
    * Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
    <http://tinyurl.com/58uh2>
    * Microsoft Windows 2000 Server Service Pack 3 and Microsoft Windows 2000 Server Service Pack 4
    <http://tinyurl.com/7y994>
    * Microsoft Windows Server 2003
    <http://tinyurl.com/3jaxu>
    * Microsoft Windows Server 2003 64-Bit Edition
    <http://tinyurl.com/5blpw>

    Technical Description:
    ----------------------
    * Name Validation Vulnerability - CAN-2004-0567: A remote code execution vulnerability exists in WINS because of the way that it handles computer name validation. An attacker could exploit the vulnerability by constructing a malicious network packet that could potentially allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

    * Association Context Vulnerability - CAN-2004-1080: A remote code execution vulnerability exists in WINS because of the way that it handles association context validation. An attacker could exploit the vulnerability by constructing a malicious network packet that could potentially allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, attempts to exploit this vulnerability would most likely result in a denial of service on Windows Server 2003. The service would have to be restarted to restore functionality.

    This email is sent to NTBugtraq automagically as a service to my subscribers. (v4.01.1796.25439)

    Cheers,
    Russ - Senior Scientist - TruSecure Corporation/NTBugtraq Editor

    
