Microsoft warns of widespread Windows flaw

By Julio Franco
Feb 11, 2004
Topic Status:
Not open for further replies.
  1. Microsoft has a message for Windows users: Patch your computers quickly.

    On Tuesday, the software giant released a fix for a networking flaw that affects every computer running Windows NT, Windows 2000, Windows XP or Windows Server 2003. If left unpatched, the security hole could allow a worm to spread quickly throughout the Internet, causing an incident similar to the MSBlast attack last summer.

    Read more: CNet News.

    Useful links: TS' OS Updates | MS' Windows Update.
  2. Per Hansson

    Per Hansson TS Server Guru Posts: 1,917   +119 Staff Member

    eEye® Digital Security Uncovers Dangerous Vulnerabilities in Microsoft Windows ASN

    Two critical security flaws were announced this week pertaining to Microsoft's ASN library. These vulnerabilities could significantly impact network security worldwide.

    Systems Affected
    All current versions of Microsoft Windows (e.g. Windows NT, XP, 2000) and Windows Server 2003.

    Potential Impact
    The ASN vulnerabilities uncovered by eEye could allow an attacker to overwrite heap memory with data, causing the execution of arbitrary code. These flaws can both be detected and exploited remotely and have the capability to cause serious damage if not immediately resolved. Since the ASN library is widely used by Windows security subsystems, the vulnerability is exposed through an array of authentication protocols. This makes these vulnerabilities more dangerous than previous flaws that spawned Nimda, Code Red and Sapphire worms. eEye and Microsoft have released detailed advisories to alert and inform Windows users of the need to immediately remediate vulnerable machines on their networks.

    Severity: High (Remote Code Execution)
    Because the ASN library is an industry standard used by Windows security subsystems, the vulnerability is exposed through several avenues, including Kerberos, NTLMv2 authentication, and applications that make use of certificates (SSL, digitally-signed email, signed ActiveX controls, etc.). This means that every Windows machine is vulnerable, unless it has been patched.



    Protecting Against These Vulnerabilities
    The most effective way to protect vulnerable systems is to apply the hotfix released by Microsoft. The hotfix remediates both vulnerabilities, and can be found here:
    http://www.microsoft.com/technet/security/bulletin/MS04-007.asp

    Retina® Network Security Scanner
    Retina has been updated to check for the ASN.1 vulnerabilities. These checks are included in Retina versions 4.9.165 and higher. The following are the related vulnerability audits:

    ASN.1 Vulnerability Could Allow Code Execution - NT4

    ASN.1 Vulnerability Could Allow Code Execution - 2000

    ASN.1 Vulnerability Could Allow Code Execution - XP

    ASN.1 Vulnerability Could Allow Code Execution - 2003
    Additional Information: eEye Security Bulletins
    Microsoft ASN.1 Library Length Overflow Heap Corruption
    http://www.eeye.com/html/Research/Advisories/AD20040210.html

    Microsoft ASN.1 Library Bit String Heap Corruption
    http://www.eeye.com/html/Research/Advisories/AD20040210-2.html
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.