Not needed if you have a static IP address. -Clint
TITLE: Windows DHCP Client Service Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA21010 VERIFY ADVISORY: http://secunia.com/advisories/21010/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From local network OPERATING SYSTEM: Microsoft Windows XP Professional http://secunia.com/product/22/ Microsoft Windows XP Home Edition http://secunia.com/product/16/ Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/ Microsoft Windows 2000 Server http://secunia.com/product/20/ Microsoft Windows 2000 Professional http://secunia.com/product/1/ Microsoft Windows 2000 Datacenter Server http://secunia.com/product/1177/ Microsoft Windows 2000 Advanced Server http://secunia.com/product/21/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the DHCP Client service when processing DHCP responses. This can be exploited to cause a buffer overflow by sending a specially crafted DHCP response to the client. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply patches. Microsoft Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyId=7a04fae4-6914-4ffa-b0ec-61b912d47873 Microsoft Windows XP SP1 / SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=bf08cc28-b359-4b27-99b2-342f832cdecc Microsoft Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=49b0da03-73a7-462a-9dc2-2eb5405e2505 Microsoft Windows Server 2003 (with or without SP1) http://www.microsoft.com/downloads/details.aspx?FamilyId=2978c3d2-59e3-4dd4-8323-b1b2f9dfa7a5 Microsoft Windows Server 2003 for Itanium-based systems (with or without SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=01e7bbbd-dfb6-4524-aa35-39323b210aa4 Microsoft Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=d68730a7-bb7c-477a-a2a4-991629fc1402 ORIGINAL ADVISORY: MS06-036 (KB914388): http://www.microsoft.com/technet/security/Bulletin/MS06-036.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
