[thelist] Fwd: CERT Advisory CA-2003-27 Multiple Vulnerabilities in Microsoft Windows

Anthony Baratta Anthony at Baratta.com
Thu Oct 16 17:37:19 CDT 2003


Time to hit the update service at MS again.

There are fixes there for a **NEW** RPC vulnerability. The previous fixes 
for the RPC vulnerability that hosed the internet a month or two ago **do 
not** protect you from this new hole.

Practice safe hex, people.

>From: CERT Advisory <cert-advisory at cert.org>
>To: cert-advisory at cert.org
>Organization: CERT(R) Coordination Center - +1 412-268-7090
>Subject: CERT Advisory CA-2003-27 Multiple Vulnerabilities in Microsoft 
>Windows and Exchange
>
>
>-----BEGIN PGP SIGNED MESSAGE-----
>
>
>CERT Advisory  CA-2003-27  Multiple  Vulnerabilities in Microsoft Windows
>and Exchange
>
>    Original issue date: October 16, 2003
>    Last revised: --
>    Source: CERT/CC
>
>    A complete revision history is at the end of this file.
>
>
>Systems Affected
>
>      * Multiple  versions  of  Microsoft Windows (ME, NT 4.0, NT 4.0 TSE,
>        2000, XP, Server 2003)
>      * Microsoft Exchange Server 5.5 and Microsoft Exchange Server 2000
>
>
>Overview
>
>    There  are multiple vulnerabilities in Microsoft Windows and Microsoft
>    Exchange,  the  most  serious of which could allow remote attackers to
>    execute arbitrary code.
>
>
>I. Description
>
>    There  are  a  number  of  vulnerabilities  in  Microsoft  Windows and
>    Microsoft Exchange that could allow an attacker to gain administrative
>    control   of   a   vulnerable   system.  The  most  serious  of  these
>    vulnerabilities  allow  an unauthenticated, remote attacker to execute
>    arbitrary  code with no action required on the part of the victim. For
>    detailed information, see the following vulnerability notes:
>
>      VU#575892 - Buffer overflow in Microsoft Windows Messenger Service
>      There  is a buffer overflow in the Messenger service on most recent
>      versions  of  Microsoft  Windows  that  could  allow an attacker to
>      execute arbitrary code.
>      (Other resources: MS03-043, CAN-2003-0717)
>
>      VU#422156  -  Microsoft  Exchange  Server  fails to properly handle
>      specially crafted SMTP extended verb requests
>      Microsoft  Exchange  fails  to  handle  certain SMTP extended verbs
>      correctly.  In  Exchange  5.5, this can lead to a denial-of-service
>      condition.  In  Exchange 2000, this could permit an attacker to run
>      arbitrary code.
>      (Other resources: MS03-046, CAN-2003-0714)
>
>    In  addition,  several other vulnerabilities may permit an attacker to
>    execute arbitrary code if the attacker can convince the victim to take
>    some  specific  action  (e.g.,  viewing  a  web  page or an HTML email
>    message).  For  detailed  information, see the following vulnerability
>    notes:
>
>      VU#467036  -  Microsoft  Windows  Help  and Support Center contains
>      buffer overflow in code used to handle HCP protocol
>      There  is  a  buffer  overflow  in  the  Microsoft Windows Help and
>      Support  Center  that could permit an attacker to execute arbitrary
>      code with SYSTEM privileges.
>      (Other resources: MS03-044, CAN-2003-0711)
>
>      VU#989932  -  Microsoft  Windows  contains buffer overflow in Local
>      Troubleshooter ActiveX control (Tshoot.ocx)
>      Microsoft  Windows  ships  with  a  troubleshooting  application to
>      assist users with problems. A vulnerability in this application may
>      permit  a  remote  attacker  to  execute  arbitrary  code  with the
>      privileges of the current user.
>      (Other resources: MS03-042)
>
>      VU#838572  -  Microsoft  Windows  Authenticode  mechanism  installs
>      ActiveX controls without prompting user
>      A  vulnerability  in  Microsoft's Authenticode could allow a remote
>      attacker  to  install  an untrusted ActiveX control on the victim's
>      system.  The  ActiveX  control  could  run  code  of the attacker's
>      choice.
>      (Other resources: MS03-041, CAN-2003-0660)
>
>      VU#435444  - Microsoft Outlook Web Access (OWA) contains cross-site
>      scripting vulnerability in the "Compose New Message" form
>      There  is a cross-site scripting vulnerability in Microsoft Outlook
>      Web Access.
>      (Other resources: MS03-047, CAN-2003-0712)
>
>    Finally,  there  is  a  vulnerability in ListBox and ComboBox controls
>    that  could  allow  a  local  user  to  gain  elevated privileges. For
>    detailed information, see
>
>      VU#967668   -  Microsoft  Windows  ListBox  and  ComboBox  controls
>      vulnerable to buffer overflow when supplied crafted Windows message
>      There  is  a  buffer overflow in a function called by the Microsoft
>      Windows  ListBox  and  ComboBox  controls  that could allow a local
>      attacker  to  execute arbitrary code with privileges of the process
>      hosting the controls.
>      (Other resources: MS03-045, CAN-2003-0659)
>
>
>II. Impact
>
>    The  impact  of these vulnerabilities ranges from denial of service to
>    the ability to execute arbitrary code.
>
>
>III. Solution
>
>Disable the Messenger Service
>
>    For  VU#575892,  Microsoft  recommends  first  disabling the Messenger
>    service  and  then  evaluating  the  need  to  apply the patch. If the
>    Messenger  service  is  not  required, leave it in the disabled state.
>    Apply the patch to make sure that systems are protected, especially if
>    the  Messenger  service  is re-enabled. Instructions for disabling the
>    Messenger service can be found in VU#575892 and MS03-043.
>
>Apply patches
>
>    Microsoft  has  provided  patches  for  these problems. Details can be
>    found  in  the  relevant  Microsoft  Security Bulletins. For many home
>    users,  the  simplest  way  to obtain these patches will be by running
>    Windows Update.
>
>
>Appendix A. Vendor Information
>
>    This  appendix  contains information provided by vendors. When vendors
>    report  new  information, this section is updated, and the changes are
>    noted  in  the  revision  history. If a vendor is not listed below, we
>    have  not  received  their  authenticated,  direct  statement. Further
>    vendor  information  is  available in the Systems Affected sections of
>    the vulnerability notes listed above.
>
>Microsoft Corporation
>
>      Please  see  the  following Microsoft Security Bulletins: MS03-041,
>      MS03-042, MS03-043, MS03-044, MS03-045, MS03-046, and MS03-047.
>
>
>Appendix B. References
>
>      * CERT/CC Vulnerability Note VU#575892 -
>        <http://www.kb.cert.org/vuls/id/575892>
>      * CERT/CC Vulnerability Note VU#422156 -
>        <http://www.kb.cert.org/vuls/id/422156>
>      * CERT/CC Vulnerability Note VU#467036 -
>        <http://www.kb.cert.org/vuls/id/467036>
>      * CERT/CC Vulnerability Note VU#989932 -
>        <http://www.kb.cert.org/vuls/id/989932>
>      * CERT/CC Vulnerability Note VU#838572 -
>        <http://www.kb.cert.org/vuls/id/838572>
>      * CERT/CC Vulnerability Note VU#435444 -
>        <http://www.kb.cert.org/vuls/id/435444>
>      * CERT/CC Vulnerability Note VU#967668 -
>        <http://www.kb.cert.org/vuls/id/967668>
>      * Microsoft Security Bulletin MS03-041 -
>        <http://www.microsoft.com/technet/security/bulletin/MS03-041.asp>
>      * Microsoft Security Bulletin MS03-042 -
>        <http://www.microsoft.com/technet/security/bulletin/MS03-042.asp>
>      * Microsoft Security Bulletin MS03-043 -
>        <http://www.microsoft.com/technet/security/bulletin/MS03-043.asp>
>      * Microsoft Security Bulletin MS03-044 -
>        <http://www.microsoft.com/technet/security/bulletin/MS03-044.asp>
>      * Microsoft Security Bulletin MS03-045 -
>        <http://www.microsoft.com/technet/security/bulletin/MS03-045.asp>
>      * Microsoft Security Bulletin MS03-046 -
>        <http://www.microsoft.com/technet/security/bulletin/MS03-046.asp>
>      * Microsoft Security Bulletin MS03-047 -
>        <http://www.microsoft.com/technet/security/bulletin/MS03-047.asp>
>
>      _________________________________________________________________
>
>    Our  thanks  to Microsoft Corporation for the information contained in
>    their  security bulletins. Microsoft has credited the following people
>    for  their  help  in  discovering and responding to these issues: Greg
>    Jones  of  KPMG  UK  and  Cesar  Cerrudo,  The  Last Stage of Delirium
>    Research  Group, David Litchfield of Next Generation Security Software
>    Ltd.,  Brett  Moore  of Security-Assessment.com, Joao Gouveia, and Ory
>    Segal of Sanctum Inc.
>      _________________________________________________________________
>
>    Feedback  can  be  directed  to  the  authors, Shawn V. Hernan and Art
>    Manion.
>    ______________________________________________________________________
>
>    This document is available from:
>
>      <http://www.cert.org/advisories/CA-2003-27.html>
>    ______________________________________________________________________
>
>
>CERT/CC Contact Information
>
>    Email: <cert at cert.org>
>           Phone: +1 412-268-7090 (24-hour hotline)
>           Fax: +1 412-268-6989
>           Postal address:
>           CERT Coordination Center
>           Software Engineering Institute
>           Carnegie Mellon University
>           Pittsburgh PA 15213-3890
>           U.S.A.
>
>    CERT/CC   personnel   answer  the  hotline  08:00-17:00  EST(GMT-5)  /
>    EDT(GMT-4)  Monday  through  Friday;  they are on call for emergencies
>    during other hours, on U.S. holidays, and on weekends.
>
>Using encryption
>
>    We  strongly  urge you to encrypt sensitive information sent by email.
>    Our public PGP key is available from
>
>      <http://www.cert.org/CERT_PGP.key>
>
>    If  you  prefer  to  use  DES,  please  call the CERT hotline for more
>    information.
>
>Getting security information
>
>    CERT  publications  and  other security information are available from
>    our web site
>
>      <http://www.cert.org/>
>
>    To  subscribe  to  the CERT mailing list for advisories and bulletins,
>    send email to <majordomo at cert.org>. Please include in the body of your
>    message
>
>      subscribe cert-advisory
>
>    *  "CERT"  and  "CERT  Coordination Center" are registered in the U.S.
>    Patent and Trademark Office.
>    ______________________________________________________________________
>
>    NO WARRANTY
>    Any  material furnished by Carnegie Mellon University and the Software
>    Engineering  Institute  is  furnished  on  an  "as is" basis. Carnegie
>    Mellon University makes no warranties of any kind, either expressed or
>    implied  as  to  any matter including, but not limited to, warranty of
>    fitness  for  a  particular purpose or merchantability, exclusivity or
>    results  obtained from use of the material. Carnegie Mellon University
>    does  not  make  any warranty of any kind with respect to freedom from
>    patent, trademark, or copyright infringement.
>    ______________________________________________________________________
>
>    Conditions for use, disclaimers, and sponsorship information
>
>    Copyright 2003 Carnegie Mellon University.
>
>    Revision History
>
>    October 16, 2003: Initial release
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP 6.5.8
>
>iQCVAwUBP474hpZ2NNT/dVAVAQHpowP/XT60oVtiTpggPZC3c7zmqQNOLeC2ah1L
>c7gcNSmwa8Ij25D53ephFaMP0PyPDM9w8WX7uDfCYE2W/yMyBx3jwfMs6C5d2wM1
>7zhOwu9b2N75rf/UGDuO/QXMe9KSHkIFVJuS3hS6PsOcP307zuh5ieaWCnrGaHFj
>3JwQQsmNUTA=
>=C7x3
>-----END PGP SIGNATURE-----
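
The advisory's first recommendation for VU#575892 (MS03-043) is to disable the Messenger service and only then decide about the patch. The script below is an added example, not part of the CERT advisory or of Anthony's post, showing how an administrator can audit a host's Messenger service state and switch it from the weak setting (running, started automatically) to the mitigated one (stopped, startup type Disabled). It assumes a Windows host with Windows PowerShell and the service registered under its service name "Messenger"; on a host where the service was never installed it simply reports it as absent. The function names are my own.

```powershell
# Added example: audit and disable the Windows Messenger service, the
# mitigation CERT recommends for VU#575892 / MS03-043 ahead of patching.
# Assumptions: Windows PowerShell on a host where the service name is
# "Messenger"; Get-WmiObject is used for the start mode because older
# Windows PowerShell versions do not expose StartType on Get-Service output.

function Get-MessengerServiceState {
    # Returns Present/Status/StartMode so before/after states can be compared or logged.
    $svc = Get-Service -Name 'Messenger' -ErrorAction SilentlyContinue
    if (-not $svc) {
        return [pscustomobject]@{ Present = $false; Status = 'absent'; StartMode = 'absent' }
    }
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='Messenger'"
    return [pscustomobject]@{
        Present   = $true
        Status    = [string]$svc.Status      # e.g. Running / Stopped
        StartMode = [string]$wmi.StartMode   # e.g. Auto / Manual / Disabled
    }
}

function Disable-MessengerService {
    # Supports -WhatIf so the change can be previewed before it is applied.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $before = Get-MessengerServiceState
    if (-not $before.Present) {
        return [pscustomobject]@{ Before = $before; After = $before; Changed = $false }
    }

    $changed = $false
    if ($PSCmdlet.ShouldProcess('Messenger', 'Set startup type to Disabled and stop')) {
        # Disable first so nothing can restart the service between the two steps.
        Set-Service -Name 'Messenger' -StartupType Disabled
        if ($before.Status -eq 'Running') {
            Stop-Service -Name 'Messenger' -Force
        }
        $changed = $true
    }

    $after = Get-MessengerServiceState
    return [pscustomobject]@{ Before = $before; After = $after; Changed = $changed }
}

# Usage (from an elevated prompt):
#   Get-MessengerServiceState                       # audit only
#   Disable-MessengerService -WhatIf                # preview the change
#   Disable-MessengerService | Format-List          # apply and show before/after
```

The function returns both states rather than printing them, so the same call can feed an inventory script that records which hosts still had the service enabled; the advisory's own note still applies, namely that the patch should be applied regardless, since a later re-enablement of the service would otherwise leave the host exposed.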
