Re: Microsoft Security Bulletin MS03-026, latest windows 2000 patch

From: Miha Pihler (miha.pihler_at_Atlantis-N0Spam.si)
Date: 08/02/03 

Date: Sat, 2 Aug 2003 11:23:45 +0200

Yes. In theory it is possible. Let's take a look at this scenario.

A user inside your network downloads (e.g. from web site, e-mail, etc.) a
virus that exploits vulnerability described in MS03-026. Virus finds a
workstation that is not patched and it just happens to be a Domain Admin
workstation. Since you workstation is not patched virus exploits the
security hole. Now the virus has domain admin rights to do anything on your
network that it wants (erase any data on any PC that is in domain etc...)

I know it is a long shot, but do you want to take a chance (and
responsibility)? :-) 

-- 
Mike
MCSA 2K, MCSE 2K, MCT, ...
"Billy" <email@email.email> wrote in message
news:069901c358b3$138a0af0$a301280a@phx.gbl...
> Hello:
> I'm kind of confused by the Technical Description of this
> patch that Windows provides at
> http://www.microsoft.com/technet/treeview/?
> url=/technet/security/bulletin/MS03-026.asp
>
> Here is my problem, I have installed SP4 and all the
> latest patches on my servers and on most workstations on
> my network.  Here is the problem, I know that my Servers
> are protected from the issues in the MS03-026, patch
> because they have SP4 and all the latest updates,
> patches, hotfixes, etc from the windows update web site
> and most of my workstations are protected. Some of the
> worktstations do not have the latest patches installed.
> Do I run the risk of getting attacked on the workstations
> and then the hacker running code to attach to my
> servers?  Is it possible for a vulernabilty like this to
> attack a workstation that is not completely patched and
> then let the hacker connect to a server (that is
> completely patched) from the workstation and then delete
> files or damage the server?
> Many thanks in advance!!!
> Billy

Relevant Pages

  • Re: Microsoft Security Bulletin MS03-026, latest windows 2000 patch
    ... If you have many PCs to patch, think about deploying SUS (Software Update ... > The workstation on the network that have Domain Admin ... >>latest patches on my servers and on most workstations on ... I know that my Servers ...
    (microsoft.public.win2000.security)
  • Microsoft Security Bulletin MS03-026, latest windows 2000 patch
    ... The workstation on the network that have Domain Admin ... >latest patches on my servers and on most workstations on ... I know that my Servers ...
    (microsoft.public.win2000.security)
  • Re: Help with virus on 2000 machine
    ... | patches are needed? ... these servers have no access to the internet. ... it's now starting to shutdown by itself ... This includes what anti virus software is indicating "Downloader" which, by the way, is a ...
    (microsoft.public.win2000.general)
  • Re: Microsoft Security Bulletin MS03-026, latest windows 2000 patch
    ... Patch everything with the MS03-026 patch, ... > The workstation on the network that have Domain Admin ... >> latest patches on my servers and on most workstations on ... I know that my Servers ...
    (microsoft.public.win2000.security)
  • Re: IIS Hack : Anyone explain cause...
    ... But as noted it was an NIMDA virus on the machine which caused the ... protected rant as we all know that IIS and indeed lots of software has ... bugs...this is why a whole host of patches have recently been released ... the virus was non-destructive and our global ...
    (microsoft.public.inetserver.iis)