-----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Brief April 13, 2004
Multiple Vulnerabilities in Microsoft Products Synopsis: Microsoft has released several security bulletins that address security issues affecting modern Windows operating systems. A critical vulnerability has been discovered in the Windows Local Security Authority Subsystem (LSASS). In addition, serious vulnerabilities have been discovered in the Microsoft Abstract Syntax Notation One (ASN.1) library, the Negotiate Security Software Provider (SSP) interface, and the Microsoft RPC runtime library. Less serious vulnerabilities have been discovered in SSL handshakes, H.323 parsing in Netmeeting, Microsoft LDAP, and the Help and Support Center protocol. This Alert focuses mainly on the LSASS, ASN.1 and SSP vulnerabilities described in Microsoft Security Bulletin MS04-011. MS04-011 also included information related to a serious vulnerability within SSL. Please see the following X-Force Advisory for more information regarding that vulnerability: http://xforce.iss.net/xforce/alerts/id/168 Please see the following X-Force advisory for more detailed information regarding the Microsoft RPC runtime library vulnerability: http://xforce.iss.net/xforce/alerts/id/155 Impact: The LSASS vulnerability could be exploited to run arbitrary code by an unauthenticated remote user on default installations of Windows 2000 and XP. The ASN.1 vulnerability could be remotely exploited via multiple attack vectors described below to execute arbitrary code. The Negotiate SSP vulnerability could potentially be exploited through services which offer NTLM or Kerberos authentication, such as Internet Information Services (IIS). It is believed to be difficult but possible to achieve arbitrary code execution via the ASN.1 or Negotiate SSP vulnerabilities. Vulnerabilities discovered in SSL handshakes, H.323 parsing in NetMeeting, Microsoft LDAP, and the Help and Support Center protocol would not allow arbitrary code execution in default configurations or without specific user-interaction. For the complete ISS X-Force Security Alert, please visit: http://xforce.iss.net/xforce/alerts/id/169 ______ About Internet Security Systems (ISS) Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a pioneer and world leader in software and services that protect critical online resources from an ever-changing spectrum of threats and misuse. Internet Security Systems is headquartered in Atlanta, GA, with additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. Copyright (c) 2004 Internet Security Systems, Inc. All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this document. It is not to be edited or altered in any way without the express written consent of the Internet Security Systems X-Force. If you wish to reprint the whole or any part of this document in any other medium excluding electronic media, please email [EMAIL PROTECTED] for permission. Disclaimer: The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information. X-Force PGP Key available on MIT's PGP key server and PGP.com's key server, as well as at http://www.iss.net/security_center/sensitive.php Please send suggestions, updates, and comments to: X-Force [EMAIL PROTECTED] of Internet Security Systems, Inc. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBQHxYPjRfJiV99eG9AQGlMAP/fVwjyRwvu1FSIf2VjdwsA6hNxPsNhIlM NwsDhYDgOj2zb9C2yj+qxe8LtrBWXq4mDqN2K2pzBQ8i0Vn85EHXFvnNPRUsGMIM 1cwGm6gmOK2XAIgCzqg6STEGGz/achfKr8q8Phl6UeUT+KSBybAzj9mnMnDGn973 Sd5gRCyI7kQ= =hvBV -----END PGP SIGNATURE----- _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
