[SECURITY-L] CAIS-Alerta: Vulnerability in the Microsoft Messenger Service (828035)

Security Team - UNICAMP security at unicamp.br
Mon Oct 20 13:37:44 -02 2003


----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca <cais at cais.rnp.br> -----

From: Centro de Atendimento a Incidentes de Seguranca <cais at cais.rnp.br>
Subject: CAIS-Alerta: Vulnerability in the Microsoft Messenger Service (828035)
To: rnp-alerta at cais.rnp.br, rnp-seg at cais.rnp.br
Date: Wed, 15 Oct 2003 16:12:03 -0300 (BRST)



Dear all,

CAIS is forwarding the alert published by Microsoft, "Microsoft
Security Bulletin MS03-043: Buffer Overrun in Messenger Service Could
Allow Code Execution (828035)", which concerns a vulnerability
identified in the Messenger Service that may allow a remote attacker
to execute arbitrary code with Local System privileges, or may result
in the Messenger service being interrupted.

The Messenger service is a Windows service that transmits "net send"
messages and messages sent through the Alerter service between client
and server computers.


Affected Systems:

	. Microsoft Windows NT Workstation 4.0, Service Pack 6a
	. Microsoft Windows NT Server 4.0, Service Pack 6a
	. Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
	. Microsoft Windows 2000, Service Pack 2
	. Microsoft Windows 2000, Service Pack 3, Service Pack 4
	. Microsoft Windows XP Gold, Service Pack 1
	. Microsoft Windows XP 64-bit Edition
	. Microsoft Windows XP 64-bit Edition Version 2003
	. Microsoft Windows Server 2003
	. Microsoft Windows Server 2003 64-bit Edition


Unaffected Systems:

	. Microsoft Windows Millennium Edition


Available Fixes:

The fix consists of applying the patch recommended by Microsoft,
available at:

. Microsoft Windows NT Workstation 4.0, Service Pack 6a
http://www.microsoft.com/downloads/details.aspx?FamilyId=7597FCF4-6615-4074-9E46-A17D808ED38D&displaylang=en

. Microsoft Windows NT Server 4.0, Service Pack 6a
http://www.microsoft.com/downloads/details.aspx?FamilyId=B1949456-996A-485A-9A28-79FD79F26A1B&displaylang=en

. Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
http://www.microsoft.com/downloads/details.aspx?FamilyId=64AB4B66-1A6E-4264-93A8-26CDB98B05A8&displaylang=en

. Microsoft Windows 2000, Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=A0061377-1683-4C13-9527-5534F6C7CF85&displaylang=en

. Microsoft Windows 2000, Service Pack 3, Service Pack 4
http://www.microsoft.com/downloads/details.aspx?FamilyId=99F1B40D-906A-4945-A021-4B494CCCBDE0&displaylang=en

. Microsoft Windows XP Gold, Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=F02DA309-4B0A-4438-A0B9-5B67414C3833&displaylang=en

. Microsoft Windows XP 64-bit Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=2BE95254-4C65-4CA5-80A5-55FDF5AA2296&displaylang=en

. Microsoft Windows XP 64-bit Edition Version 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B990946-84C8-4C91-899C-5A44EC13174E&displaylang=en

. Microsoft Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=1DF106F3-7EC4-4EB0-9143-C1E3C9E2F5F8&displaylang=en

. Microsoft Windows Server 2003 64-bit Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B990946-84C8-4C91-899C-5A44EC13174E&displaylang=en



More information:

http://www.microsoft.com/technet/security/bulletin/ms03-043.asp

CVE identifiers: CAN-2003-0717 (http://cve.mitre.org)


CAIS recommends that administrators of Microsoft platforms keep their
systems and applications up to date at all times.


Sincerely,


################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#       Rede Nacional de Ensino e Pesquisa (RNP)               #
#                                                              #
# cais at cais.rnp.br       http://www.cais.rnp.br                #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available      http://www.rnp.br/cais/cais-pgp.key   #
################################################################

Title: Buffer Overrun in Messenger Service Could Allow Code Execution
(828035)

Date: October 15, 2003

Software:
Microsoft Windows NT Server 4.0
Microsoft Windows NT 4.0 Workstation
Microsoft Windows NT Server 4.0, Terminal Server Edition
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2003

Impact: Allow attacker to execute arbitrary code.

Maximum Severity Rating: CRITICAL

Bulletin: MS03-043

The Microsoft Security Response Center has released Microsoft
Security Bulletin MS03-043

What Is It?
The Microsoft Security Response Center has released Microsoft
Security Bulletin MS03-043 which concerns a vulnerability in products
listed above.  Customers are advised to review the information in the
bulletin, test and deploy the patch immediately in their
environments, if applicable.

More information is now available at
http://www.microsoft.com/technet/security/bulletin/MS03-043.asp

If you have any questions regarding the patch or its implementation
after reading the above listed bulletin you should contact Product
Support Services in the United States at 1-866-PCSafety
(1-866-727-2338).  International customers should contact their local
subsidiary.



----- End forwarded message -----


