Multiple Critical Vulnerabilities in Microsoft Windows
Date:
4/13/2004 12:00:00 AM
Severity:
High
Affected Software:
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Server 4.0
Microsoft Windows NT Server 4.0, Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Overview:
These vulnerabilities could potentially allow an attacker to take complete control of an affected system. An attacker could then take any action on the affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. eEye and Microsoft have released detailed advisories to alert Windows users of the need to immediately secure vulnerable machines on their networks.
|
Vulnerability
Identifiers
|
Impact
Of Vulnerability
|
Windows
NT Server 4.0
|
Windows
2000
|
Windows
XP
|
Windows
Server 2003
|
|
RPC
Runtime Library Vulnerability
|
Remote
Code Execution
|
None
|
Critical
|
Critical
|
Critical
|
|
LSASS
Vulnerability
|
Remote
Code Execution
|
None
|
Critical
|
Critical
|
Low
|
|
Metafile
Vulnerability
|
Remote
Code Execution
|
Critical
|
Critical
|
Critical
|
None
|
|
Local
Descriptor Table Vulnerability
|
Privilege
Elevation
|
Important
|
Important
|
None
|
None
|
|
Virtual
DOS Machine Vulnerability
|
Privilege
Elevation
|
Important
|
Important
|
None
|
None
|
|
RPCSS
Service Vulnerability
|
Denial
Of Service
|
None
|
Important
|
Important
|
Important
|
*The above assessment is based on the types of systems that are affected by the vulnerability, typical deployment patterns, and the effect that exploiting the vulnerability would have on them.(source: Microsoft)
Technical Analysis:
Detection:
Prevention:
The most effective way to protect vulnerable systems is to apply the hotfixes released by Microsoft. The hotfixes will remediate these vulnerabilities, and can be found here:
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
http://www.microsoft.com/technet/security/bulletin/MS04-012.mspx
Retina Network Security Scanner
Retina has been updated to check for all of the above vulnerabilities. These checks are included in Retina versions 4.9.194 and higher. Retina is the only scanner that is 100% non-intrusive and can scan remotely without administrative access. For a comprehensive list of Retina audits click here:
http://www.eeye.com/html/mkt/gen/AprilAdv.html
Links:
Microsoft DCOM RPC Memory Leak
Microsoft DCOM RPC Race Condition
Windows Local Security Authority Service Remote Buffer Overflow
Copyright ©1998-2010 eEye Digital Security
Permission is hereby granted for the redistribution of this alert electronically. It is not to be edited in any way without express consent of eEye. If you wish to reprint the whole or any part of this alert in any other medium excluding electronic medium, please email alert@eEye.com for permission.
Disclaimer
The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are no warranties, implied or express, with regard to this information. In no event shall the author be liable for any direct or indirect damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.