[SECURITY-L] CAIS-Alerta: Vulnerabilidade no Workstation Service (828749)

Security Team - UNICAMP security em unicamp.br
Qua Nov 12 14:55:41 -02 2003


----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br> -----

From: Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br>
Subject: CAIS-Alerta: Vulnerabilidade no Workstation Service (828749)
To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Wed, 12 Nov 2003 10:18:04 -0200 (BRDT)

-----BEGIN PGP SIGNED MESSAGE-----


Prezados,

O CAIS esta' repassando o alerta divulgado pela Microsoft, "Microsoft
Security Bulletin MS03-049: Buffer Overrun in the Workstation Service
Could Allow Code Execution (828749)", tratando de vulnerabilidade
identificada no Workstation Service capaz de permitir ao atacante
executar código arbitrário.

O Workstation Service determina onde dado recurso esta´ alocado e
encaminha as requisicoes correspondentes para o sistema local ou para os
componentes da rede. Assim, tanto as requisicoes ao sistema de arquivos
local, quanto aquelas de arquivos armazenados remotamente ou impressoes
via rede, sao encaminhadas pelo Workstation Service. Maiores detalhes
podem ser obtidos em:

http://www.microsoft.com/technet/prodtechnol/winntas/reskit/net/chptr1.asp


Sistemas Afetados:

   	. Microsoft Windows 2000 Service Pack 2, Service Pack 3, Service Pack 4
    	. Microsoft Windows XP, Microsoft Windows XP Service Pack 1
    	. Microsoft Windows XP 64-Bit Edition

Observacao: As correcoes referentes ao Windows XP consideradas no alerta
MS03-043 (828035) incluem correcoes para a vulnerabilidade tratada no
presente alerta. Logo, os administradores de sistemas Windows XP que
aplicaram as correcoes do MS03-043, nao precisam aplicar as correcoes
deste alerta. O mesmo *nao* ocorre para o Windows 2000.


Sistemas Não Afetados:

	. Microsoft Windows NT Workstation 4.0, Service Pack 6a
	. Microsoft Windows NT Server 4.0, Service Pack 6a
	. Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
	. Microsoft Windows Millennium Edition
	. Microsoft Windows XP 64-Bit Edition Version 2003
	. Microsoft Windows Server 2003
	. Microsoft Windows Server 2003 64-Bit Edition


Correções disponíveis:

A correção consiste na aplicação dos correspondentes patches recomendados
pela Microsoft e disponíveis em:

. Microsoft Windows 2000 Service Pack 2, Service Pack 3, Service Pack 4
http://www.microsoft.com/downloads/details.aspx?FamilyId=2467FE46-D167-479C-9638-D4D79483F261&displaylang=en

. Microsoft Windows XP, Microsoft Windows XP Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=F02DA309-4B0A-4438-A0B9-5B67414C3833&displaylang=en

. Microsoft Windows XP 64-Bit Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=2BE95254-4C65-4CA5-80A5-55FDF5AA2296&displaylang=en


Para maiores detalhes sobre medidas de contorno (workarounds), perguntas
mais frequentes, ou ainda, sobre outras recomendacoes tecnicas para
instalacao dos updates, recomenda-se consultar o alerta original da
Microsoft.


Maiores informações:

. Microsoft Security Bulletin MS03-049
http://www.microsoft.com/technet/security/bulletin/MS03-049.asp

. Microsoft Windows Security Bulletin Summary for November, 2003
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/winnov03.asp

. What You Should Know About the Windows Security Updates for November 2003
http://www.microsoft.com/security/security_bulletins/20031111_windows.asp


Identificador do CVE: CAN-2003-0812 (http://cve.mitre.org)


O CAIS recomenda aos administradores de plataformas Microsoft a
atualizarem seus sistemas com urgencia, devido a criticidade do presente
alerta.

Atenciosamente,


################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#       Rede Nacional de Ensino e Pesquisa (RNP)               #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br                #
# Tel. 019-37873300      Fax. 019-37873301                     #
# Chave PGP disponivel   http://www.rnp.br/cais/cais-pgp.key   #
################################################################

- --------------------------------------------------------------------
Title: Microsoft Windows Security Bulletin Summary for
       November 2003
Issued: November 11, 2003
Version Number: 1.0
Bulletin:
http://www.microsoft.com/technet/security/bulletin/winnov03.asp
- --------------------------------------------------------------------

Summary:
========
Included in this advisory are three updates describing newly
discovered vulnerabilities in Microsoft Windows. These
vulnerabilities, broken down by severity are:

** Critical Security Bulletins

    MS03-049 - Buffer Overrun in the Workstation Service Could Allow
               Code Execution (828749)

             - Affected Software:
               - Microsoft Windows 2000 Service Pack 2, Service
                 Pack 3, and Service Pack 4
               - Microsoft Windows XP,
                 Microsoft Windows XP Service Pack 1
               - Microsoft Windows XP 64-Bit Edition

             - Impact: Remote Code Execution
             - Version Number: 1.0

Patch Availability:
===================
Patches are available to fix these vulnerabilities.
For a11itional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions, and Patch
Deployment Information please read the Microsoft Windows Security
Bulletin Summary for November 2003 at:
http://www.microsoft.com/technet/security/bulletin/winnov03.asp

Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:

- - jelmer
     (jkuperus em planet.nl)
     for reporting the issue described in MS03-048.

- - eEye Digital Security
     (http://www.eeye.com/)
     for reporting the issue described in MS03-049.

- - Brett Moore of Security-Assessment.com
     (http://www.security-assessment.com/)
     for reporting the issue described in MS03-051.

Support:
========
Technical support is available from Microsoft Product Support
Services at 1-866-PCSAFETY (1-866-727-2338). There is no charge
for support calls associated with security patches.

International customers can get support from their local Microsoft
subsidiaries. There is no charge for support associated
with security updates. Information on how to contact Microsoft
support is available at
http://support.microsoft.com/common/international.aspx.

Revisions:
==========
* V1.0 November 2003: Bulletin Created.
********************************************************************
Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:
http://www.microsoft.com/technet/security/tips/pcprotec.asp

If you receive an e-mail that claims to be distributing a
Microsoft security patch, it is a hoax that may be distributing a
virus. Microsoft does not distribute security patches via e-mail.
You can learn more about Microsoft's software distribution
policies here:
http://www.microsoft.com/technet/security/policy/swdist.asp
********************************************************************
- --------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
- --------------------------------------------------------------------


-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQCVAwUBP7IlBOkli63F4U8VAQFu2wP8CuM8eix57Zcc7HT4du1dBSvTK6V7PvEP
L5xwAKuZK9DARi/8pex5HP0z2/FbJSUJHfaj+TowyiYvQR/J2bW7ME76quR0vie0
qJtyQQzhBXdteH+kP0mEhNJ7M99MftmcH9RVsjq2uS7yZtyZGTvcfNG9rusu5ipQ
JU/hOwYNNno=
=om2+
-----END PGP SIGNATURE-----


----- End forwarded message -----



Mais detalhes sobre a lista de discussão SECURITY-L