[SECURITY-L] CAIS-Alerta: Vulnerabilidade nos formatos de arquivo do Windows Media Runtime (MS07-068)
CSIRT - UNICAMP
security em unicamp.br
Seg Dez 17 10:34:45 -02 2007
----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br> -----
From: Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br>
Subject: CAIS-Alerta: Vulnerabilidade nos formatos de arquivo do Windows
Media Runtime (MS07-068)
To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Thu, 13 Dec 2007 15:46:42 -0200 (BRST)
-----BEGIN PGP SIGNED MESSAGE-----
Prezados,
O CAIS esta' repassando o alerta da Microsoft, intitulado "Vulnerability
in Windows Media File Format Could Allow Remote Code Execution (941569 and
944275)", que trata de uma vulnerabilidade descoberta em diversas versoes
do Windows Media format Runtime.
A vulnerabilidade existe na forma como o Windows Media Runtime trata
arquivos no formato Advanced System Format (ASF). Esta vulnerabilidade
pode ser explorada atraves da criacao de um arquivo no formato ASF
especialmente construido, que seja aberta pelo usuario utilizando alguma
aplicacao cliente, tal como o Windows Media Player.
A exploracao dessa vulnerabilidade pode causar a execucao remota de codigo,
e caso o usuario utilizado no momento da execucao do exploit tenha
privilegios de administrador, pode permitir ao atacante obter o controle
total do sistema vulneravel.
Sistemas afetados:
. Windows Media Format Runtime 7.1 no Microsoft Windows 2000 Service Pack 4
. Windows Media Format Runtime 9 no Windows 2000 Service Pack 4
. Windows Media Format Runtime 9 no Windows XP Service Pack 2
. Windows Media Format Runtime 9.5 no Windows XP Service Pack 2
. Windows Media Format Runtime 9.5 no Windows XP Professional x64 Edition
. Windows Media Format Runtime 9.5 no Windows XP Professional x64 Edition Service Pack 2
. Windows Media Format Runtime 9.5 no Windows Server 2003 Service Pack 1
. Windows Media Format Runtime 9.5 no Windows Server 2003 Service Pack 2
. Windows Media Format Runtime 9.5 no Windows Server 2003 x64 Edition
. Windows Media Format Runtime 9.5 no Windows Server 2003 x64 Edition Service Pack 2
. Windows Media Format Runtime 9.5 x64 Edition no Windows XP Professional x64 Edition
. Windows Media Format Runtime 9.5 x64 Edition no Windows XP Professional x64 Edition Service Pack 2
. Windows Media Format Runtime 9.5 no Windows Server 2003 x64 Edition
. Windows Media Format Runtime 9.5 no Windows Server 2003 x64 Edition Service Pack 2
. Windows Media Format Runtime 11 no Windows XP Service Pack 2
. Windows Media Format Runtime 11 no Windows XP Professional x64 Edition
. Windows Media Format Runtime 11 no Windows XP Professional x64 Edition Service Pack 2
. Windows Media Format Runtime 11 no Windows Vista
. Windows Media Format Runtime 11 no Windows Vista x64 Edition
. Windows Media Services 9.1 no Windows Server 2003 Service Pack 1
. Windows Media Services 9.1 no Windows Server 2003 Service Pack 2
. Windows Media Services 9.1 no Windows Server 2003 x64 Edition
. Windows Media Services 9.1 no Windows Server 2003 x64 Edition Service Pack 2
Correcoes disponiveis:
Recomenda-se fazer a atualizacao para as versoes disponiveis em:
. Windows Media Format Runtime 7.1 no Microsoft Windows 2000 Service Pack 4
http://www.microsoft.com/downloads/details.aspx?FamilyID=eecdf2ce-9aa7-4f0c-b62b-2fa7a32f369e
. Windows Media Format Runtime 9 no Windows 2000 Service Pack 4
http://www.microsoft.com/downloads/details.aspx?FamilyID=eecdf2ce-9aa7-4f0c-b62b-2fa7a32f369e
. Windows Media Format Runtime 9 no Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyID=bece702a-6e61-433e-8275-20f4e84f2c92
. Windows Media Format Runtime 9.5 no Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyID=bece702a-6e61-433e-8275-20f4e84f2c92
. Windows Media Format Runtime 9.5 no Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyID=81f20b45-dfc7-4ddf-a4b4-6c0e9476ed51
. Windows Media Format Runtime 9.5 no Windows XP Professional x64 Edition Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyID=81f20b45-dfc7-4ddf-a4b4-6c0e9476ed51
. Windows Media Format Runtime 9.5 no Windows Server 2003 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyID=8fea7da8-a7f3-4786-97c2-fb5ea7018159
. Windows Media Format Runtime 9.5 no Windows Server 2003 Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyID=8fea7da8-a7f3-4786-97c2-fb5ea7018159
. Windows Media Format Runtime 9.5 no Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyID=ffc69c76-02f1-4b15-8ec1-dab8c7e33bd4
. Windows Media Format Runtime 9.5 no Windows Server 2003 x64 Edition Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyID=ffc69c76-02f1-4b15-8ec1-dab8c7e33bd4
. Windows Media Format Runtime 9.5 x64 Edition no Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyID=72d2ca0e-da81-45ee-9321-4970b80f4a5a
. Windows Media Format Runtime 9.5 x64 Edition no Windows XP Professional x64 Edition Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyID=72d2ca0e-da81-45ee-9321-4970b80f4a5a
. Windows Media Format Runtime 9.5 no Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyID=ffc69c76-02f1-4b15-8ec1-dab8c7e33bd4
. Windows Media Format Runtime 9.5 no Windows Server 2003 x64 Edition Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyID=ffc69c76-02f1-4b15-8ec1-dab8c7e33bd4
. Windows Media Format Runtime 11 no Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyID=bece702a-6e61-433e-8275-20f4e84f2c92
. Windows Media Format Runtime 11 no Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyID=1037b224-ac89-4efd-b189-6f3da77a88e6
. Windows Media Format Runtime 11 no Windows XP Professional x64 Edition Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyID=1037b224-ac89-4efd-b189-6f3da77a88e6
. Windows Media Format Runtime 11 no Windows Vista
http://www.microsoft.com/downloads/details.aspx?FamilyID=9a98ef96-bc2e-42b7-9a24-c82c8fb379db
. Windows Media Format Runtime 11 no Windows Vista x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyID=3ce02c95-d695-4f14-9fb3-30c83a9cfb9c
. Windows Media Services 9.1 no Windows Server 2003 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyID=096711d4-ce01-45d0-9c2d-ebfa5c671b9f
. Windows Media Services 9.1 no Windows Server 2003 Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyID=096711d4-ce01-45d0-9c2d-ebfa5c671b9f
. Windows Media Services 9.1 no Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyID=23c23800-5aaa-455b-96bf-4ead4dfdd95d
. Windows Media Services 9.1 no Windows Server 2003 x64 Edition Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyID=23c23800-5aaa-455b-96bf-4ead4dfdd95d
Mais informacoes:
. MS07-068 - Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275)
http://www.microsoft.com/technet/security/bulletin/ms07-068.mspx
. SANS ISC Handler's Diary 2007-12-11: December black tuesday overview
http://isc.sans.org/diary.html?storyid=3735
. Microsoft Brasil Security
http://www.microsoft.com/brasil/security
. Technet Brasil - Central de Seguranca
http://www.technetbrasil.com.br/seguranca
. Windows Live OneCare
http://safety.live.com/site/pt-BR/default.htm
Identificador CVE (http://cve.mitre.org): CVE-2007-0064
O CAIS recomenda que os administradores mantenham seus sistemas e
aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes
oferecidas pelos fabricantes.
Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF:
http://www.rnp.br/cais/alertas/rss.xml
Atenciosamente,
################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) #
# Rede Nacional de Ensino e Pesquisa (RNP) #
# #
# cais em cais.rnp.br http://www.cais.rnp.br #
# Tel. 019-37873300 Fax. 019-37873301 #
# Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key #
################################################################
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Made with pgp4pine 1.76
iQCVAwUBR2FwB+kli63F4U8VAQFn9QP/fxSOoWU82hPbvlYdB3OMDTnmuKW7umfm
0+T5nZ4uDKqiC4Mf66nSj9spqtQsZ966jpW4VPxbVrr3Bq2tZXwqruj8VMYQa8vj
ZeiXzNpp6l05cmNRwC8q+WMtR3QnsOTVnVk+Z07F7SbTuukopUvgby6+UtjwLV8M
grCzEQrhIoc=
=I5Fz
-----END PGP SIGNATURE-----
----- End forwarded message -----
Mais detalhes sobre a lista de discussão SECURITY-L