[thelist] Fwd: CERT Advisory CA-2003-27 Multiple Vulnerabilities in Microsoft Windows
Anthony Baratta
Anthony at Baratta.com
Thu Oct 16 17:37:19 CDT 2003
Time to hit the update service at MS again.
There are fixes there for a **NEW** RPC vulnerability. The previous fixes
for the RPC vulnerability that hosed the internet a month or two ago **do
not** protect you from this new hole.
Practice safe hex people.
>From: CERT Advisory <cert-advisory at cert.org>
>To: cert-advisory at cert.org
>Organization: CERT(R) Coordination Center - +1 412-268-7090
>Subject: CERT Advisory CA-2003-27 Multiple Vulnerabilities in Microsoft
>Windows and Exchange
>
>
>-----BEGIN PGP SIGNED MESSAGE-----
>
>
>CERT Advisory CA-2003-27 Multiple Vulnerabilities in Microsoft Windows
>and Exchange
>
> Original issue date: October 16, 2003
> Last revised: --
> Source: CERT/CC
>
> A complete revision history is at the end of this file.
>
>
>Systems Affected
>
> * Multiple versions of Microsoft Windows (ME, NT 4.0, NT 4.0 TSE,
> 2000, XP, Server 2003)
> * Microsoft Exchange Server 5.5 and Microsoft Exchange Server 2000
>
>
>Overview
>
> There are multiple vulnerabilities in Microsoft Windows and Microsoft
> Exchange, the most serious of which could allow remote attackers to
> execute arbitrary code.
>
>
>I. Description
>
> There are a number of vulnerabilities in Microsoft Windows and
> Microsoft Exchange that could allow an attacker to gain administrative
> control of a vulnerable system. The most serious of these
> vulnerabilities allow an unauthenticated, remote attacker to execute
> arbitrary code with no action required on the part of the victim. For
> detailed information, see the following vulnerability notes:
>
> VU#575892 - Buffer overflow in Microsoft Windows Messenger Service
> There is a buffer overflow in the Messenger service on most recent
> versions of Microsoft Windows that could allow an attacker to
> execute arbitrary code.
> (Other resources: MS03-043, CAN-2003-0717)
>
> VU#422156 - Microsoft Exchange Server fails to properly handle
> specially crafted SMTP extended verb requests
> Microsoft Exchange fails to handle certain SMTP extended verbs
> correctly. In Exchange 5.5, this can lead to a denial-of-service
> condition. In Exchange 2000, this could permit an attacker to run
> arbitrary code.
> (Other resources: MS03-046, CAN-2003-0714)
>
> In addition, several other vulnerabilities may permit an attacker to
> execute arbitrary code if the attacker can convince the victim to take
> some specific action (e.g., viewing a web page or an HTML email
> message). For detailed information, see the following vulnerability
> notes:
>
> VU#467036 - Microsoft Windows Help and Support Center contains
> buffer overflow in code used to handle HCP protocol
> There is a buffer overflow in the Microsoft Windows Help and
> Support Center that could permit an attacker to execute arbitrary
> code with SYSTEM privileges.
> (Other resources: MS03-044, CAN-2003-0711)
>
> VU#989932 - Microsoft Windows contains buffer overflow in Local
> Troubleshooter ActiveX control (Tshoot.ocx)
> Microsoft Windows ships with a troubleshooting application to
> assist users with problems. A vulnerability in this application may
> permit a remote attacker to execute arbitrary code with the
> privileges of the current user.
> (Other resources: MS03-042)
>
> VU#838572 - Microsoft Windows Authenticode mechanism installs
> ActiveX controls without prompting user
> A vulnerability in Microsoft's Authenticode could allow a remote
> attacker to install an untrusted ActiveX control on the victim's
> system. The ActiveX control could run code of the attacker's
> choice.
> (Other resources: MS03-041, CAN-2003-0660)
>
> VU#435444 - Microsoft Outlook Web Access (OWA) contains cross-site
> scripting vulnerability in the "Compose New Message" form
> There is a cross-site scripting vulnerability in Microsoft Outlook
> Web Access.
> (Other resources: MS03-047, CAN-2003-0712)
>
> Finally, there is a vulnerability in ListBox and ComboBox controls
> that could allow a local user to gain elevated privileges. For
> detailed information, see
>
> VU#967668 - Microsoft Windows ListBox and ComboBox controls
> vulnerable to buffer overflow when supplied crafted Windows message
> There is a buffer overflow in a function called by the Microsoft
> Windows ListBox and ComboBox controls that could allow a local
> attacker to execute arbitrary code with privileges of the process
> hosting the controls.
> (Other resources: MS03-045, CAN-2003-0659)
>
>
>II. Impact
>
> The impact of these vulnerabilities ranges from denial of service to
> the ability to execute arbitrary code.
>
>
>III. Solution
>
>Disable the Messenger Service
>
> For VU#575892, Microsoft recommends first disabling the Messenger
> service and then evaluating the need to apply the patch. If the
> Messenger service is not required, leave it in the disabled state.
> Apply the patch to make sure that systems are protected, especially if
> the Messenger service is re-enabled. Instructions for disabling the
> Messenger service can be found in VU#575892 and MS03-043.
>
>Apply patches
>
> Microsoft has provided patches for these problems. Details can be
> found in the relevant Microsoft Security Bulletins. For many home
> users, the simplest way to obtain these patches will be by running
> Windows Update.
>
>
>Appendix A. Vendor Information
>
> This appendix contains information provided by vendors. When vendors
> report new information, this section is updated, and the changes are
> noted in the revision history. If a vendor is not listed below, we
> have not received their authenticated, direct statement. Further
> vendor information is available in the Systems Affected sections of
> the vulnerability notes listed above.
>
>Microsoft Corporation
>
> Please see the following Microsoft Security Bulletins: MS03-041,
> MS03-042, MS03-043, MS03-044, MS03-045, MS03-046, and MS03-047.
>
>
>Appendix B. References
>
> * CERT/CC Vulnerability Note VU#575892 -
> <http://www.kb.cert.org/vuls/id/575892>
> * CERT/CC Vulnerability Note VU#422156 -
> <http://www.kb.cert.org/vuls/id/422156>
> * CERT/CC Vulnerability Note VU#467036 -
> <http://www.kb.cert.org/vuls/id/467036>
> * CERT/CC Vulnerability Note VU#989932 -
> <http://www.kb.cert.org/vuls/id/989932>
> * CERT/CC Vulnerability Note VU#838572 -
> <http://www.kb.cert.org/vuls/id/838572>
> * CERT/CC Vulnerability Note VU#435444 -
> <http://www.kb.cert.org/vuls/id/435444>
> * CERT/CC Vulnerability Note VU#967668 -
> <http://www.kb.cert.org/vuls/id/967668>
> * Microsoft Security Bulletin MS03-041 -
> <http://www.microsoft.com/technet/security/bulletin/MS03-041.asp>
> * Microsoft Security Bulletin MS03-041 -
> <http://www.microsoft.com/technet/security/bulletin/MS03-042.asp>
> * Microsoft Security Bulletin MS03-041 -
> <http://www.microsoft.com/technet/security/bulletin/MS03-043.asp>
> * Microsoft Security Bulletin MS03-041 -
> <http://www.microsoft.com/technet/security/bulletin/MS03-044.asp>
> * Microsoft Security Bulletin MS03-041 -
> <http://www.microsoft.com/technet/security/bulletin/MS03-045.asp>
> * Microsoft Security Bulletin MS03-041 -
> <http://www.microsoft.com/technet/security/bulletin/MS03-046.asp>
> * Microsoft Security Bulletin MS03-041 -
> <http://www.microsoft.com/technet/security/bulletin/MS03-047.asp>
>
> _________________________________________________________________
>
> Our thanks to Microsoft Corporation for the information contained in
> their security bulletins. Microsoft has credited the following people
> for their help in discovering and responding to these issues: Greg
> Jones of KPMG UK and Cesar Cerrudo, The Last Stage of Delirium
> Research Group, David Litchfield of Next Generation Security Software
> Ltd., Brett Moore of Security-Assessment.com, Joao Gouveia, and Ory
> Segal of Sanctum Inc.
> _________________________________________________________________
>
> Feedback can be directed to the authors, Shawn V. Hernan and Art
> Manion.
> ______________________________________________________________________
>
> This document is available from:
>
> <http://www.cert.org/advisories/CA-2003-27.html>
> ______________________________________________________________________
>
>
>CERT/CC Contact Information
>
> Email: <cert at cert.org>
> Phone: +1 412-268-7090 (24-hour hotline)
> Fax: +1 412-268-6989
> Postal address:
> CERT Coordination Center
> Software Engineering Institute
> Carnegie Mellon University
> Pittsburgh PA 15213-3890
> U.S.A.
>
> CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /
> EDT(GMT-4) Monday through Friday; they are on call for emergencies
> during other hours, on U.S. holidays, and on weekends.
>
>Using encryption
>
> We strongly urge you to encrypt sensitive information sent by email.
> Our public PGP key is available from
>
> <http://www.cert.org/CERT_PGP.key>
>
> If you prefer to use DES, please call the CERT hotline for more
> information.
>
>Getting security information
>
> CERT publications and other security information are available from
> our web site
>
> <http://www.cert.org/>
>
> To subscribe to the CERT mailing list for advisories and bulletins,
> send email to <majordomo at cert.org>. Please include in the body of your
> message
>
> subscribe cert-advisory
>
> * "CERT" and "CERT Coordination Center" are registered in the U.S.
> Patent and Trademark Office.
> ______________________________________________________________________
>
> NO WARRANTY
> Any material furnished by Carnegie Mellon University and the Software
> Engineering Institute is furnished on an "as is" basis. Carnegie
> Mellon University makes no warranties of any kind, either expressed or
> implied as to any matter including, but not limited to, warranty of
> fitness for a particular purpose or merchantability, exclusivity or
> results obtained from use of the material. Carnegie Mellon University
> does not make any warranty of any kind with respect to freedom from
> patent, trademark, or copyright infringement.
> ______________________________________________________________________
>
> Conditions for use, disclaimers, and sponsorship information
>
> Copyright 2003 Carnegie Mellon University.
>
> Revision History
>
> October 16, 2003: Initial release
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP 6.5.8
>
>iQCVAwUBP474hpZ2NNT/dVAVAQHpowP/XT60oVtiTpggPZC3c7zmqQNOLeC2ah1L
>c7gcNSmwa8Ij25D53ephFaMP0PyPDM9w8WX7uDfCYE2W/yMyBx3jwfMs6C5d2wM1
>7zhOwu9b2N75rf/UGDuO/QXMe9KSHkIFVJuS3hS6PsOcP307zuh5ieaWCnrGaHFj
>3JwQQsmNUTA=
>=C7x3
>-----END PGP SIGNATURE-----
More information about the thelist
mailing list