[SECURITY-L] CAIS-Alerta: Vulnerability in Microsoft Windows LSASS (MS08-002)

CSIRT - UNICAMP security at unicamp.br
Fri Jan 25 09:25:04 -02 2008


----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca <cais at cais.rnp.br> -----

From: Centro de Atendimento a Incidentes de Seguranca <cais at cais.rnp.br>
Subject:  CAIS-Alerta: Vulnerability in Microsoft Windows LSASS (MS08-002)
cc: pop-seg at cais.rnp.br, rnp-alerta at cais.rnp.br, rnp-seg at cais.rnp.br
Date: Wed, 9 Jan 2008 16:47:46 -0200 (BRST)


Dear all,

CAIS is forwarding the Microsoft alert titled "Vulnerability
in LSASS Could Allow Local Elevation of Privilege (943485)", which
addresses a vulnerability in the Microsoft Windows Local Security
Authority Subsystem Service (LSASS).

This vulnerability exists because of the improper handling of
local procedure calls (LPC) made by the Windows Local
Security Authority Subsystem Service (LSASS).

Local exploitation of this vulnerability allows an attacker to obtain
elevation of privileges and thereby gain full control of
the vulnerable system.


Affected systems:

. Microsoft Windows 2000 Service Pack 4
. Windows XP Service Pack 2
. Windows XP Professional x64 Edition
. Windows XP Professional x64 Edition Service Pack 2
. Windows Server 2003 Service Pack 1
. Windows Server 2003 Service Pack 2
. Windows Server 2003 x64 Edition
. Windows 2003 Server x64 Edition Service Pack 2
. Windows Server 2003 with SP1 for Itanium-based Systems
. Windows Server 2003 with SP2 for Itanium-based Systems


Available fixes:

Updating to the versions available at the following locations is recommended:

. Microsoft Windows 2000 Service Pack 4
  http://www.microsoft.com/downloads/details.aspx?FamilyId=7956632e-17d9-4876-8340-84fe3e43e5cc

. Windows XP Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=6a4cf182-8e36-490e-aefe-edb7b3a0df9c

. Windows XP Professional x64 Edition
  http://www.microsoft.com/downloads/details.aspx?FamilyID=51fc657b-2b4a-4725-a744-d279e027c4a5

. Windows XP Professional x64 Edition Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyID=51fc657b-2b4a-4725-a744-d279e027c4a5

. Windows Server 2003 Service Pack 1
  http://www.microsoft.com/downloads/details.aspx?FamilyID=12397b47-b18f-4d4d-b8d7-adec8ff310d5

. Windows Server 2003 Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyID=12397b47-b18f-4d4d-b8d7-adec8ff310d5

. Windows Server 2003 x64 Edition
  http://www.microsoft.com/downloads/details.aspx?FamilyID=f19fd790-a4e6-4a8a-8077-d1bbfe37ecca

. Windows 2003 Server x64 Edition Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyID=f19fd790-a4e6-4a8a-8077-d1bbfe37ecca

. Windows Server 2003 with SP1 for Itanium-based Systems
  http://www.microsoft.com/downloads/details.aspx?FamilyID=0382a195-aa3d-409b-8a79-9fe61588d8a9

. Windows Server 2003 with SP2 for Itanium-based Systems
  http://www.microsoft.com/downloads/details.aspx?FamilyID=0382a195-aa3d-409b-8a79-9fe61588d8a9


More information:

. MS08-002 - Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)
  http://www.microsoft.com/technet/security/bulletin/ms08-002.mspx

. SANS ISC Handler's Diary 2008-01-08: January Black Tuesday overview
  http://isc.incidents.org/diary.html?storyid=3819

. Microsoft Brasil Security
  http://www.microsoft.com/brasil/security

. Technet Brasil - Central de Seguranca
  http://www.technetbrasil.com.br/seguranca

. Windows Live OneCare
  http://safety.live.com/site/pt-BR/default.htm


CVE identifier (http://cve.mitre.org): CVE-2007-5352


CAIS recommends that administrators always keep their systems and
applications up to date with the latest versions and
fixes provided by vendors.


CAIS alerts are also available in RSS/RDF format:
http://www.rnp.br/cais/alertas/rss.xml


Sincerely,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#       Rede Nacional de Ensino e Pesquisa (RNP)               #
#                                                              #
# cais at cais.rnp.br    http://www.cais.rnp.br                #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available      http://www.rnp.br/cais/cais-pgp.key   #
################################################################


----- End forwarded message -----


