Microsoft warns of widespread Windows flaw

Status
Not open for further replies.

Julio Franco

Posts: 9,092   +2,043
Staff member
Microsoft has a message for Windows users: Patch your computers quickly.

On Tuesday, the software giant released a fix for a networking flaw that affects every computer running Windows NT, Windows 2000, Windows XP or Windows Server 2003. If left unpatched, the security hole could allow a worm to spread quickly throughout the Internet, causing an incident similar to the MSBlast attack last summer.

Read more: CNet News.

Useful links: TS' OS Updates | MS' Windows Update.
 
eEye® Digital Security Uncovers Dangerous Vulnerabilities in Microsoft Windows ASN

Two critical security flaws were announced this week pertaining to Microsoft's ASN library. These vulnerabilities could significantly impact network security worldwide.

Systems Affected
All current versions of Microsoft Windows (e.g. Windows NT, XP, 2000) and Windows Server 2003.

Potential Impact
The ASN vulnerabilities uncovered by eEye could allow an attacker to overwrite heap memory with data, causing the execution of arbitrary code. These flaws can both be detected and exploited remotely and have the capability to cause serious damage if not immediately resolved. Since the ASN library is widely used by Windows security subsystems, the vulnerability is exposed through an array of authentication protocols. This makes these vulnerabilities more dangerous than previous flaws that spawned Nimda, Code Red and Sapphire worms. eEye and Microsoft have released detailed advisories to alert and inform Windows users of the need to immediately remediate vulnerable machines on their networks.

Severity: High (Remote Code Execution)
Because the ASN library is an industry standard used by Windows security subsystems, the vulnerability is exposed through several avenues, including Kerberos, NTLMv2 authentication, and applications that make use of certificates (SSL, digitally-signed email, signed ActiveX controls, etc.). This means that every Windows machine is vulnerable, unless it has been patched.



Protecting Against These Vulnerabilities
The most effective way to protect vulnerable systems is to apply the hotfix released by Microsoft. The hotfix remediates both vulnerabilities, and can be found here:
http://www.microsoft.com/technet/security/bulletin/MS04-007.asp

Retina® Network Security Scanner
Retina has been updated to check for the ASN.1 vulnerabilities. These checks are included in Retina versions 4.9.165 and higher. The following are the related vulnerability audits:

ASN.1 Vulnerability Could Allow Code Execution - NT4

ASN.1 Vulnerability Could Allow Code Execution - 2000

ASN.1 Vulnerability Could Allow Code Execution - XP

ASN.1 Vulnerability Could Allow Code Execution - 2003
Additional Information: eEye Security Bulletins
Microsoft ASN.1 Library Length Overflow Heap Corruption
http://www.eeye.com/html/Research/Advisories/AD20040210.html

Microsoft ASN.1 Library Bit String Heap Corruption
http://www.eeye.com/html/Research/Advisories/AD20040210-2.html
 
Status
Not open for further replies.
Back