[SECURITY-L] [cais em cais.rnp.br: CAIS-Alerta: Vulnerabilidade no Microsoft virtual machine (816093)]

Silvana Mieko Misuta mieko em ccuec.unicamp.br
Qui Abr 10 14:46:19 -03 2003 

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br> -----

From: Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br>
Subject: CAIS-Alerta: Vulnerabilidade no Microsoft virtual machine (816093)
To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Thu, 10 Apr 2003 14:24:26 -0300 (BRT)

-----BEGIN PGP SIGNED MESSAGE-----


Prezados,

O CAIS está repassando o alerta divulgado pela Microsoft, Microsoft
Security Bulletin MS03-011: Flaw in Microsoft VM Could Enable System
Compromise (816093), que trata de uma vulnerabilide no Microsoft virtual
machine (Microsoft VM) que pode permitir a um atacante a execucao de
codigo arbitrario.


Sistemas Afetados:

        . Versoes do Microsoft virtual machine (Microsoft VM) inferiores e
	  incluindo a versao 5.0.3809

Os seguites produtos da Microsoft possuem o Microsoft virtual machine
(Microsoft VM):

	. Microsoft Windows 95
	. Microsoft Windows 98 e 98SE
	. Microsoft Windows Millennium
	. Microsoft Windows NT 4.0, com Service Pack 1
	. Microsoft Windows 2000
	. Microsoft Windows XP


Outros softwares da Microsoft podem conter o Microsoft virtual machine. E'
necessario verificar sua presenca atraves da seguinte sequencia de
comandos:

	. Abrir um Command Prompt e executar o comando Jview. Se este
comando for executado com sucesso voce possui o Microsoft virtual machine
instalado.


Exemplo da execucao do comando Jview:

C:\>jview
Microsoft (R) Command-line Loader for Java  Version 5.00.3805
Copyright (C) Microsoft Corp 1996-2000. All rights reserved.

Usage: JView [options] <classname> [arguments]



Correções disponíveis:

A correção consiste na aplicação do patch recomendado pela Microsoft e
disponíveis nas URLs listadas abaixo.


	. Windows update web site:
	  http://windowsupdate.microsoft.com

	. Windows 2000 Service Packs 2 & 3

	. All except Japanese NEC
http://microsoft.com/downloads/details.aspx?FamilyId=DD870EAC-69EF-4287-9A07-6C740F162644&displaylang=en

	. NEC Japanese
http://microsoft.com/downloads/details.aspx?FamilyId=65CC342B-5139-4F81-B3A0-F3F1184CF2F6&displaylang=ja


Maiores informações:

http://www.microsoft.com/technet/security/bulletin/ms03-011.asp


Identificador do CVE: CAN-2003-0111 (http://cve.mitre.org)


O CAIS recomenda aos administradores de plataformas Microsoft que
mantenham seus sistemas e aplicativos sempre atualizados.


Atenciosamente,


################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA / RNP      #
#                                                              #
# cais em cais.rnp.br     http://www.cais.rnp.br                  #
# Tel. 019-37873300    Fax. 019-37873301                       #
# Chave PGP disponivel em: http://www.cais.rnp.br/cais-pgp.key #
################################################################

- -------------------------------------------------------------------

Title:      Flaw in Microsoft VM Could Enable System Compromise
	    (816093)
Date:       09 April 2003
Software:   Microsoft VM
Impact:     Allow attacker to execute code of his or her choice
Max Risk:   Critical
Bulletin:   MS03-011

Microsoft encourages customers to review the Security Bulletins
at:

http://www.microsoft.com/technet/security/bulletin/MS03-011.asp
http://www.microsoft.com/security/security_bulletins/ms03-011.asp
- -------------------------------------------------------------------


Issue:
======
The Microsoft VM is a virtual machine for the Win32(r) operating
environment. The Microsoft VM is shipped in most versions of
Windows, as well as in most versions of Internet Explorer.

The present Microsoft VM, which includes all previously released
fixes to the VM, has been updated to include a fix for the newly
reported security vulnerability. This new security vulnerability
affects the ByteCode Verifier component of the Microsoft VM, and
results because the ByteCode verifier does not correctly check for
the presence of certain malicious code when a Java applet is being
loaded. The attack vector for this new security issue would likely
involve an attacker creating a malicious Java applet and inserting
it into a web page that when opened, would exploit the
vulnerability. An attacker could then host this malicious web page
on a web site, or could send it to a user in e-mail.


Mitigating Factors:
====================

- - In order to exploit this vulnerability via the web-based attack
vector, the attacker would need to entice a user into visiting a
web site that the attacker controlled. The vulnerability themselves
provide no way to force a user to a web site.

- - Java applets are disabled within the Restricted Sites Zone. As a
result, any mail client that opened HTML mail within the Restricted
Sites Zone, such as Outlook 2002, Outlook Express 6, or Outlook 98
or 2000 when used in conjunction with the Outlook Email Security
Update, would not be at risk from the mail-based attack vector.

- - The vulnerability would gain only the privileges of the user, so
customers who operate with less than administrative privileges
would be at less risk from the vulnerability.

- - Corporate IT administrators could limit the risk posed to their
users by using application filters at the firewall to inspect and
block mobile code.


Risk Rating:
============
Critical

Patch Availability:
===================
A patch is available to fix this vulnerability. Please read the
Security Bulletins at

http://www.microsoft.com/technet/security/bulletin/ms03-011.asp
http://www.microsoft.com/security/security_bulletins/ms03-11.asp

for information on obtaining this patch.

- ----------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS
SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT,
INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR
SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME
STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION
MAY NOT APPLY.


*******************************************************************


-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQCVAwUBPpWo0ukli63F4U8VAQH/RgQAnOLVFK5tYsYI8uh1UZ9hu+8piBdALPFi
YC3Hv7sf05iVWYtH+OPzCx6jbX7AkqShi2mNAE6Tlg67RDud/wPCBmx/3p+kHUvH
jG75QAMO7V4CA0eXsUkpMowhIdUQrKOsGtjzieGtlaPnD4ghLG9mJxwokifmc1wi
7dfK0nzyt5c=
=ZDdF
-----END PGP SIGNATURE-----


----- End forwarded message -----

Mais detalhes sobre a lista de discussão SECURITY-L