[SECURITY-L] CAIS-Alerta: Vulnerabilidade no Windows Troubleshooter (826232)
Security Team - UNICAMP
security em unicamp.br
Seg Out 20 13:37:17 -02 2003
----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br> -----
From: Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br>
Subject: CAIS-Alerta: Vulnerabilidade no Windows Troubleshooter (826232)
To: rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Wed, 15 Oct 2003 16:11:39 -0300 (BRST)
-----BEGIN PGP SIGNED MESSAGE-----
Prezados,
O CAIS esta' repassando o alerta divulgado pela Microsoft, "Microsoft
Security Bulletin MS03-042: Buffer Overflow in Windows Troubleshooter
ActiveX Control Could Allow Code Execution (826232)", que trata da
identificacao de uma vulnerabilidade no controle ActiveX Windows
Troubleshooter que pode permitir a um atacante remoto a execucao de codigo
arbitrario.
O controle ActiveX (Tshoot.ocx) Windows Troubleshooter (auxiliador de
solucao de problemas) possui uma falha ao validar parametros em algumas
circunstancias.
Sistemas Afetados:
. Microsoft Windows 2000, Service Pack 2
. Microsoft Windows 2000, Service Pack 3, Service Pack 4
Sistemas nao Afetados:
. Microsoft Windows NT 4.0
. Microsoft Windows NT Server 4.0, Terminal Server Edition
. Microsoft Windows Millennium Edition
. Microsoft Windows XP
. Microsoft Windows Server 2003
Correções disponíveis:
A correção consiste na aplicação do patch recomendado pela Microsoft e
disponível em:
. Microsoft Windows 2000, Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=FC1FD84B-B3A4-43F5-804B-A2608EC56163&displaylang=en
. Microsoft Windows 2000, Service Pack 3, Service Pack 4
http://www.microsoft.com/downloads/details.aspx?FamilyId=48D16574-9B17-463B-A5D2-D75BA5128EF9&displaylang=en
Maiores informações:
http://www.microsoft.com/technet/security/bulletin/ms03-042.asp
Identificadores do CVE: CAN-2003-0661, (http://cve.mitre.org)
O CAIS recomenda aos administradores de plataformas Microsoft que
mantenham seus sistemas e aplicativos sempre atualizados.
Atenciosamente,
################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) #
# Rede Nacional de Ensino e Pesquisa (RNP) #
# #
# cais em cais.rnp.br http://www.cais.rnp.br #
# Tel. 019-37873300 Fax. 019-37873301 #
# Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key #
################################################################
Title: Buffer Overflow in Windows Troubleshooter ActiveX Control
Could Allow Code Execution (826232)
Date: October 15, 2003
Software:
Microsoft Windows 2000, Service Pack 2
Microsoft Windows 2000, Service Pack 3, Service Pack 4
Impact: Remote Code Execution.
Maximum Severity Rating: CRITICAL
Bulletin: MS03-042
The Microsoft Security Response Center has released Microsoft
Security Bulletin MS03-042
What Is It?
The Microsoft Security Response Center has released Microsoft
Security Bulletin MS03-037 which concerns a vulnerability in products
listed above. Customers are advised to review the information in the
bulletin, test and deploy the patch immediately in their
environments, if applicable.
More information is now available at
http://www.microsoft.com/technet/security/bulletin/MS03-042.asp
If you have any questions regarding the patch or its implementation
after reading the above listed bulletin you should contact Product
Support Services in the United States at 1-866-PCSafety
(1-866-727-2338). International customers should contact their local
subsidiary.
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
iQCVAwUBP42b8ekli63F4U8VAQGd9wP7By3xdfv4e5d7QPGsc0MitLhjS+KRDooo
eyk4wlemjeCfORdXr4mrSmoG7adfUG3T0uvlsbsIGA0omB/1FNYQdSkMYbVfZupB
EiNkuOnL4zancuvqE9Yo0LpBuI9/wyC4QTazLY7LvT3imLLvBtUY3LEsfaABxmAh
DDPyjaQAcvg=
=xg1Z
-----END PGP SIGNATURE-----
----- End forwarded message -----
Mais detalhes sobre a lista de discussão SECURITY-L