-----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Brief November 11, 2003
Microsoft Workstation Service Buffer Overflow Synopsis: Microsoft has released Security Bulletin MS03-049 to address a serious buffer overflow vulnerability in the Microsoft Workstation service. The Workstation service is responsible for handling remote connections between computers and network resources such as fileservers or networked printers. Impact: The Workstation service is enabled by default on vulnerable platforms. The vulnerability is a standard stack overflow, and therefore it may be relatively easy to exploit. Exploits written to take advantage of standard stack overflows are generally very robust, and are good candidates for use in the creation of Internet worms. Affected Versions: Microsoft Windows 2000 SP2 Microsoft Windows 2000 SP3 Microsoft Windows 2000 SP4 Microsoft Windows XP Microsoft Windows XP SP1 Microsoft Windows XP 64-bit Edition Note: Microsoft Windows XP security updates associated with Security Bulletin MS03-043 (828035) include a fix for this vulnerability. Microsoft Windows XP users need not apply this update. Microsoft Windows 2000 customers are not protected by the previous patch. For the complete ISS X-Force Security Alert, please visit: http://xforce.iss.net/xforce/alerts/id/158 ______ About Internet Security Systems (ISS) Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a pioneer and world leader in software and services that protect critical online resources from an ever-changing spectrum of threats and misuse. Internet Security Systems is headquartered in Atlanta, GA, with additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. Copyright (c) 2003 Internet Security Systems, Inc. All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this document. It is not to be edited or altered in any way without the express written consent of the Internet Security Systems X-Force. If you wish to reprint the whole or any part of this document in any other medium excluding electronic media, please email [EMAIL PROTECTED] for permission. Disclaimer: The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information. X-Force PGP Key available on MIT's PGP key server and PGP.com's key server, as well as at http://www.iss.net/security_center/sensitive.php Please send suggestions, updates, and comments to: X-Force [EMAIL PROTECTED] of Internet Security Systems, Inc. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBP7FiFDRfJiV99eG9AQFPyQQAjXnskhPSXLuiq3r1c/GlnzI/zBcVADIb CubRTv+x7Gq8P1Jod1Pr9EcRvecn+cEAjofBRJ2dPDn767l+4FVh7cRqH9x2AD2O aPzB+sOVtRoYevs8XXswF0sLIrBQh+UxHSSRo4F9QOEpnhGhpbiRBUDKcSkkgmuj 40T86ME8e3E= =d+7x -----END PGP SIGNATURE----- _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
