[SECURITY-L] CAIS-Alerta: Vulnerability in Microsoft Authenticode (823182)

Security Team - UNICAMP security at unicamp.br
Mon Oct 20 13:36:58 -02 2003


----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca <cais at cais.rnp.br> -----

From: Centro de Atendimento a Incidentes de Seguranca <cais at cais.rnp.br>
Subject: CAIS-Alerta: Vulnerability in Microsoft Authenticode (823182)
To: rnp-alerta at cais.rnp.br, rnp-seg at cais.rnp.br
Date: Wed, 15 Oct 2003 16:11:19 -0300 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----


Dear all,

CAIS is forwarding the alert published by Microsoft, "Microsoft
Security Bulletin MS03-041: Vulnerability in Authenticode Verification
Could Allow Remote Code Execution (823182)", which addresses the
identification of a vulnerability in Authenticode that can be exploited
remotely, allowing an attacker to execute arbitrary code.

Authenticode is the system that lets the user authorize or refuse the
installation of ActiveX components present on a web page. Under certain
conditions in which the system is low on free memory, the vulnerability
described causes the component to be installed without the user being
asked for authorization. This can lead to the execution of malicious
code with the privileges of the user who accesses the page.


Affected Systems:

	. Microsoft Windows NT Workstation 4.0, Service Pack 6a
	. Microsoft Windows NT Server 4.0, Service Pack 6a
	. Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
	. Microsoft Windows 2000, Service Pack 2
	. Microsoft Windows 2000, Service Pack 3, Service Pack 4
	. Microsoft Windows XP Gold, Service Pack 1
	. Microsoft Windows XP 64-bit Edition
	. Microsoft Windows XP 64-bit Edition Version 2003
	. Microsoft Windows Server 2003
	. Microsoft Windows Server 2003 64-bit Edition

Systems Not Affected:

	. Microsoft Windows Millennium Edition


Available fixes:

The fix consists of applying the patch recommended by Microsoft,
available at:


. Microsoft Windows NT Workstation 4.0, Service Pack 6a
http://www.microsoft.com/downloads/details.aspx?FamilyId=921466F5-BC40-4E8E-BB57-6B81B57C21B6&displaylang=en

. Microsoft Windows NT Server 4.0, Service Pack 6a
http://www.microsoft.com/downloads/details.aspx?FamilyId=21F64FF0-9175-42BE-A8E4-BDC59A98BDF2&displaylang=en

. Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
http://www.microsoft.com/downloads/details.aspx?FamilyId=C6688576-4682-4A30-BBD7-1817F2944890&displaylang=en

. Microsoft Windows 2000, Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=C862E049-58B2-4486-8D98-23183D7EE17D&displaylang=en

. Microsoft Windows 2000, Service Pack 3, Service Pack 4
http://www.microsoft.com/downloads/details.aspx?FamilyId=90D27AEC-7D2A-45FD-B85A-E98E574338F1&displaylang=en

. Microsoft Windows XP Gold, Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=6CDF5303-D767-4D68-9BA7-055E93E87847&displaylang=en

. Microsoft Windows XP 64-bit Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=D92EF2E8-C03A-43C0-B428-D76C4B669151&displaylang=en

. Microsoft Windows XP 64-bit Edition Version 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=4DFF5AAB-FA62-4B81-9C08-5C9FCB905E11&displaylang=en

. Microsoft Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=135D8C00-7B4B-4C21-8EAA-D58814635E0D&displaylang=en

. Microsoft Windows Server 2003 64-bit Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=4DFF5AAB-FA62-4B81-9C08-5C9FCB905E11&displaylang=en



More information:

http://www.microsoft.com/technet/security/bulletin/ms03-041.asp


CVE identifiers: CAN-2003-0660 (http://cve.mitre.org)


CAIS recommends that administrators of Microsoft platforms keep their
systems and applications up to date at all times.


Sincerely,


################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#       Rede Nacional de Ensino e Pesquisa (RNP)               #
#                                                              #
# cais at cais.rnp.br       http://www.cais.rnp.br                #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available      http://www.rnp.br/cais/cais-pgp.key   #
################################################################

Title: Vulnerability in Authenticode Verification Could Allow Remote
Code Execution (823182)

Date: October 15, 2003

Software: Microsoft Windows NT Workstation 4.0, Service Pack 6a;
Microsoft Windows NT Server 4.0, Service Pack 6a; Microsoft Windows
NT Server 4.0, Terminal Server Edition, Service Pack 6; Microsoft
Windows 2000, Service Pack 2; Microsoft Windows 2000, Service Pack 3,
Service Pack 4; Microsoft Windows XP Gold, Service Pack 1; Microsoft
Windows XP 64-bit Edition; Microsoft Windows XP 64-bit Edition
Version 2003; Microsoft Windows Server 2003; Microsoft Windows Server
2003 64-bit Edition

Impact: Remote Code Execution

Maximum Severity Rating: Critical

Bulletin: MS03-041

The Microsoft Security Response Center has released Microsoft
Security Bulletin MS03-041

What Is It?
The Microsoft Security Response Center has released Microsoft
Security Bulletin MS03-044 which concerns a vulnerability in the
above listed versions of Windows.  Customers are advised to review
the information in the bulletin, test and deploy the patch
immediately in their environments, if applicable.

More information is now available at
http://www.microsoft.com/technet/security/bulletin/MS03-041.asp

If you have any questions regarding the patch or its implementation
after reading the above listed bulletin you should contact Product
Support Services in the United States at 1-866-PCSafety
(1-866-727-2338).  International customers should contact their local
subsidiary.


-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

-----END PGP SIGNATURE-----


----- End forwarded message -----


