[SECURITY-L] [0_47099_AEE7C282-5BFD-4E84-98BC-79A14F27B03B_BR em Newsletters.Microsoft.com: Revised: Microsoft Security Bulletin MS03-007: Unchecked Buffer In Windows Component Could Cause Server Compromise (815021)]
Silvana Mieko Misuta
mieko em ccuec.unicamp.br
Qui Abr 24 10:13:35 -03 2003
----- Forwarded message from Microsoft <0_47099_AEE7C282-5BFD-4E84-98BC-79A14F27B03B_BR em Newsletters.Microsoft.com> -----
From: "Microsoft" <0_47099_AEE7C282-5BFD-4E84-98BC-79A14F27B03B_BR em Newsletters.Microsoft.com>
Subject: Revised: Microsoft Security Bulletin MS03-007: Unchecked Buffer In Windows Component Could Cause Server Compromise (815021)
To: <mieko em ccuec.unicamp.br>
Date: Thu, 24 Apr 2003 05:59:45 -0700
X-Mailer: Microsoft CDO for Windows 2000
-----BEGIN PGP SIGNED MESSAGE-----
- ----------------------------------------------------------------------
Title: Unchecked Buffer In Windows Component Could Cause
Server Compromise (815021)
Released: 17 Mar 2003
Revised: 23 Apr 2003 (version 2.0)
Software: Microsoft (r) Windows (r) NT 4.0 and Windows 2000
Impact: Run code of attacker's choice
Max Risk: Critical
Bulletin: MS03-007
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS03-007.asp
http://www.microsoft.com/security/security_bulletins/ms03-007.asp
- ----------------------------------------------------------------------
Reason for Revision:
====================
Microsoft originally released this security bulletin on March 17,
2003. At that time, Microsoft was aware of a publicly available
exploit that was being used to attack Windows 2000 Servers
running IIS 5.0. The attack vector in this case was WebDAV
although the underlying vulnerability was in a core operating
system component, ntdll.dll. Microsoft issued a patch to protect
Windows 2000 customers shortly afterwards, but also continued to
investigate the underlying vulnerability. Windows NT 4.0 also
contains the underlying vulnerability in ntdll.dll, however it
does not support WebDAV and therefore the known exploit was not
effective against Windows NT 4.0. Microsoft has now released a
patch for Windows NT 4.0.
Issue:
======
Microsoft Windows 2000 supports the World Wide Web Distributed
Authoring and Versioning (WebDAV) protocol. WebDAV, defined in
RFC 2518, is a set of extensions to the Hyper Text Transfer
Protocol (HTTP) that provide a standard for editing and file
management between computers on the Internet. A security
vulnerability is present in a Windows component used by WebDAV
and results because a core operating system component, ntdll.dll,
contains an unchecked buffer.
An attacker could exploit the vulnerability by sending a
specially formed HTTP request to a machine running Internet
Information Server (IIS). The request could cause the server to
fail or to execute code of the attacker's choice. The code would
run in the security context of the IIS service (which, by
default, runs in the LocalSystem context).
Although Microsoft has supplied a patch for this vulnerability
and recommends all affected customers install the patch
immediately, additional tools and preventive measures have been
provided that customers can use to block the exploitation of
this vulnerability while they are assessing the impact and
compatibility of the patch. These temporary workarounds and
tools are discussed in the "Workarounds" section in the FAQ
below.
Mitigating Factors:
====================
- -URLScan, which is a part of the IIS Lockdown Tool will block
this attack in its default configuration.
- -The vulnerability can only be exploited remotely if an attacker
can establish a web session with an affected server.
Risk Rating:
============
- Critical
Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
Security Bulletins at
http://www.microsoft.com/technet/security/bulletin/ms03-007.asp
http://www.microsoft.com/security/security_bulletins/ms03-007.asp
for information on obtaining this patch.
- ---------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS
SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT,
INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR
SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME
STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION
MAY NOT APPLY.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQEVAwUBPqbKy40ZSRQxA/UrAQFYbAgApHo9krHk00+PGAkdg0W0lZLbVChL0rNO
nxiTtaLQOJ5l1IGUxGA9j2yKoj735iJQAsZiIDQyVNKjArbgoz7FOrCzZb7N4omZ
jeI2c2YT0gMF0EtAPPT7N7RdS5EX6RyoGG3b3AI2JP4DUS61OY0we5sQ+cXiFYAu
RjzDsgI+YiRgKkM7xAaQUlhtL+RS4/2T5swWFw96hubhBqJ6dHkg03JwYgH1h1o3
DNjmZA4m1aMzwTlHSMayYELzxNMgwQyXvbg+Fs48gfMfw7phQjtwS4MGFFYe1zAO
hnwocIB+BkXNgLwxAWV646hMUpRNxSh16fPQF+rSj4TSz++Q/GqI9w==
=+rX0
-----END PGP SIGNATURE-----
*******************************************************************
You have received this e-mail bulletin because of your subscription to the Microsoft Product Security Notification Service. For more information on this service, please visit http://www.microsoft.com/technet/security/notify.asp.
To verify the digital signature on this bulletin, please download our PGP key at http://www.microsoft.com/technet/security/notify.asp.
To unsubscribe from the Microsoft Security Notification Service, please visit the Microsoft Profile Center at http://register.microsoft.com/regsys/pic.asp
If you do not wish to use Microsoft Passport, you can unsubscribe from the Microsoft Security Notification Service via email as described below:
Reply to this message with the word UNSUBSCRIBE in the Subject line.
For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site at http://www.microsoft.com/security.
----- End forwarded message -----
Mais detalhes sobre a lista de discussão SECURITY-L