Microsoft Security Bulletin Summary for February, 2004

February 11, 2004


Microsoft Security Bulletin MS04-005 - Vulnerability in Virtual PC for Mac could lead to privilege elevation (835150) - Important - This one is pretty out there for the average sysadmin..

Microsoft Security Bulletin MS04-006 - Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352) - Important - if you run WINS (still) you may want to take a peek at this...

Microsoft Security Bulletin MS04-007
- ASN.1 Vulnerability Could Allow Code Execution (828028) - Critical - This one is fun. The vulnerability is caused by an unchecked buffer in the Microsoft ASN.1 Library, which could result in a buffer overflow. An attacker who successfully exploited this buffer overflow vulnerability could execute code with system privileges on an affected system. The attacker could then take any action on the system, including installing programs, viewing data, changing data, deleting data, or creating new accounts with full privileges.

Because ASN.1 is a standard for many applications and devices, there are many potential attack vectors. To successfully exploit this vulnerability, an attacker must force a computer to decode malformed ASN.1 data. For example, when using authentication protocols based on ASN.1 it could be possible to construct a malformed authentication request that could expose this vulnerability.

Server systems are at greater risk than client computers because they are more likely to have a server process running that decodes ASN.1 data.

So basically, this is in *almost* every Windows system (not installed by default on WinNT), there is no workaround, there are a wide numbers of attack vectors (not like you could just block a port), and servers will most likely be hit easier than workstations.

Couple this with the IE update earlier this month (which breaks websites) and it looks like I'll have some overtime on my hands. THANKS MICROSOFT!!!