UNIRAS ALERT - 31/03 - Microsoft - Microsoft Workstation Service Buffer Overflow
-----BEGIN PGP SIGNED MESSAGE-----
- ----------------------------------------------------------------------------------
UNIRAS (UK Govt CERT) ALERT - 31/03 dated 12.11.03 Time: 14:50
UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ----------------------------------------------------------------------------------
UNIRAS material is also available from its website at www.uniras.gov.uk and
Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------
Title
=====
Microsoft Workstation Service Buffer Overflow
UNIRAS Comment
==============
UNIRAS has reviewed the recently released Microsoft advisory material on this
topic and the Briefing below by ISS. It is concluded that the vulnerability is
relatively easy to exploit and the potential for an 'Internet Worm' is HIGH.
UNIRAS strongly recommends that system administrators install the relevant
patch as soon as possible, after testing on a suitable reference system.
URLs:
http://www.uniras.gov.uk/l1/l2/l3/brief2003/brief-61703.txt
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/winnov03.asp
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-049.asp
Detail
======
- -----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Brief
November 11, 2003
Microsoft Workstation Service Buffer Overflow
Synopsis:
Microsoft has released Security Bulletin MS03-049 to address a serious
buffer overflow vulnerability in the Microsoft Workstation service. The
Workstation service is responsible for handling remote connections between
computers and network resources such as fileservers or networked printers.
Impact:
The Workstation service is enabled by default on vulnerable platforms. The
vulnerability is a standard stack overflow, and therefore it may be
relatively easy to exploit. Exploits written to take advantage of standard
stack overflows are generally very robust, and are good candidates for use
in the creation of Internet worms.
Affected Versions:
Microsoft Windows 2000 SP2
Microsoft Windows 2000 SP3
Microsoft Windows 2000 SP4
Microsoft Windows XP
Microsoft Windows XP SP1
Microsoft Windows XP 64-bit Edition
Note: Microsoft Windows XP security updates associated with Security
Bulletin MS03-043 (828035) include a fix for this vulnerability. Microsoft
Windows XP users need not apply this update. Microsoft Windows 2000
customers are not protected by the previous patch.
For the complete ISS X-Force Security Alert, please visit:
http://xforce.iss.net/xforce/alerts/id/158
______
About Internet Security Systems (ISS)
Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
pioneer and world leader in software and services that protect critical
online resources from an ever-changing spectrum of threats and misuse.
Internet Security Systems is headquartered in Atlanta, GA, with
additional operations throughout the Americas, Asia, Australia, Europe
and the Middle East.
Copyright (c) 2003 Internet Security Systems, Inc. All rights reserved
worldwide.
Permission is hereby granted for the electronic redistribution of this
document. It is not to be edited or altered in any way without the
express written consent of the Internet Security Systems X-Force. If
you wish to reprint the whole or any part of this document in any other
medium excluding electronic media, please email xforce@xxxxxxx for
permission.
Disclaimer: The information within this paper may change without notice.
Use of this information constitutes acceptance for use in an AS IS
condition. There are NO warranties, implied or otherwise, with regard to
this information or its use. Any use of this information is at the
user's risk. In no event shall the author/distributor (Internet Security
Systems X-Force) be held liable for any damages whatsoever arising out
of or in connection with the use or spread of this information.
X-Force PGP Key available on MIT's PGP key server and PGP.com's key
server, as well as at http://www.iss.net/security_center/sensitive.php
Please send suggestions, updates, and comments to: X-Force
xforce@xxxxxxx of Internet Security Systems, Inc.
- ----------------------------------------------------------------------------------
For additional information or assistance, please contact the HELP Desk by
telephone or Not Protectively Marked information may be sent via EMail to:
uniras@xxxxxxxxxxxx
Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686
Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts
- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of ISS for the information
contained in this Briefing.
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some
of the information may have changed since it was released. If the vulnerability
affects you, it may be prudent to retrieve the advisory from the canonical site
to ensure that you receive the most current information concerning that problem.
Reference to any specific commercial product, process, or service by trade
name, trademark, manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by UNIRAS or NISCC. The views
and opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.
Neither UNIRAS nor NISCC shall accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they shall
not be liable for any loss or damage whatsoever, arising from or in connection
with the usage of information contained within this notice.
UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST)
and has contacts with other international Incident Response Teams (IRTs) in
order to foster cooperation and coordination in incident prevention, to prompt
rapid reaction to incidents, and to promote information sharing amongst its
members and the community at large.
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>