For anyone using Windows 2003, MS has posted a number of patches.
Windows Server 2003 Local Denial of Service Vulnerabilities
Secunia Advisory: SA14808
Release Date: 2005-04-05
Critical: Not critical
Impact: DoS
Where: Local system
Solution Status: Vendor Patch
OS:
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Description:
Two vulnerabilities have been reported in Microsoft Windows Server 2003, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
1) The vulnerability is caused due to an error when the SMB redirector receives a browser announcement frame and subsequently tries to run code that is paged out. This can be exploited to cause the system to crash by e.g. retrieving a large file from a network share when the system is under heavy load.
2) The vulnerability is caused due to an error where the printer driver under certain circumstances passes an invalid color adjustment object to Windows Server 2003. This can be exploited to cause the system to crash by a user through a terminal service session, where the user opens a Microsoft Word message in Microsoft Outlook and then prints the message to a network printer.
Solution:
These issues have been resolved in Service Pack 1 for Windows Server 2003.
Windows Server 2003 SP1 (32-bit): http://www.microsoft.com/downloa...C239-337C-4D81-8354-72593B1C1F43
Windows Server 2003 SP1 (Itanium): http://www.microsoft.com/downloa...5C44-815C-45BD-8B08-4FE901BB8FDF
Provided and/or discovered by:
Reported by vendor.
Original Advisory:
Windows Server 2003 Service Pack 1: http://support.microsoft.com/kb/824721/
SMB redirector DoS: http://support.microsoft.com/kb/890554/
Printer driver DoS: http://support.microsoft.com/kb/829422/
Please note: The information, which this Secunia Advisory is based upon, comes from third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
Peter Kaulback
--
I haven't failed, I've found 10,000 ways that don't work.
Thomas Edison (1847-1931)
