[SECURITY-L] CAIS-Alerta: Vulnerabilidade Critica no Microsoft Windows (MS08-067)

Qua Out 29 10:29:47 -02 2008

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br> -----

From: Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br>
Subject:  CAIS-Alerta: Vulnerabilidade Critica no Microsoft Windows (MS08-067)
To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Fri, 24 Oct 2008 16:31:41 -0200 (BRST)

-----BEGIN PGP SIGNED MESSAGE-----

Prezados,

O CAIS esta' repassando o alerta da Microsoft, intitulado "MS08-067 - 
Vulnerability in Server Service Could Allow Remote Code Execution 
(958644)", que trata de uma vulnerabilidade critica no servico "Server" do 
Sistema Operacional Windows.

Foi descoberta uma vulnerabilidade de execucao remota de codigo no servico 
"Server" em sistemas Windows. A vulnerabilidade existe devido ao 
tratamento inadequado de requisicoes RPC (Remote Procedure Call) criadas 
especialmente com o objetivo de explorar esta vulnerabilidade.

O atacante deve ser capaz de ter acesso 'a interface RPC para explorar a 
vulnerabilidade. Sistemas Windows XP SP2, Windows Vista e Windows Server 
2008 recem-instalados tem firewall habilitado por padrao, o que inibe a 
exploracao. Entretanto, as seguintes condicoes permitem a exploracao desta 
vulnerabilidade:

. firewall desativado;
. firewall ativado, mas compartilhamento de arquivos / impressoras 
  habilitado.

Este boletim de seguranca foi divulgado fora do ciclo mensal de boletins 
de seguranca por se tratar de uma vulnerabilidade critica, por isso o CAIS 
recomenda a aplicacao imediada da correcao.

Caso nao seja possivel aplicar a correcao, siga as recomendacoes de 
medidas paleativas da Microsoft.

. Boas praticas de firewall;
. Em sistemas Windows Vista e Windows Server 2008 e' necessario que o 
  atacante esteja autenticado no momento do ataque.

Para detectar este ataque especifico consulte a secao "Mais informacoes". 
Ja' existem regras Snort Emerging Threats disponiveis para download.

SISTEMAS AFETADOS

. Microsoft Windows 2000 Service Pack 4
. Windows XP Service Pack 2
. Windows XP Service Pack 3
. Windows XP Professional x64 Edition
. Windows XP Professional x64 Edition Service Pack 2
. Windows Server 2003 Service Pack 1
. Windows Server 2003 Service Pack 2
. Windows Server 2003 x64 Edition
. Windows Server 2003 x64 Edition Service Pack 2
. Windows Server 2003 com SP1 para Sistemas baseados em Itanium
. Windows Server 2003 com SP2 para Sistemas baseados em Itanium
. Windows Vista
. Windows Vista Service Pack 1
. Windows Vista x64 Edition
. Windows Vista x64 Edition Service Pack 1
. Windows Server 2008 para Sistemas 32 bits
. Windows Server 2008 para Sistemas baseados em x64
. Windows Server 2008 para Sistemas baseados em Itanium

CORRECOES DISPONIVEIS

Recomenda-se atualizar os sistemas para as versoes disponiveis em:

. Microsoft Windows 2000 Service Pack 4
  http://www.microsoft.com/downloads/details.aspx?familyid=E22EB3AE-1295-4FE2-9775-6F43C5C2AED3

. Windows XP Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?familyid=0D5F9B6E-9265-44B9-A376-2067B73D6A03

. Windows XP Service Pack 3
  http://www.microsoft.com/downloads/details.aspx?familyid=0D5F9B6E-9265-44B9-A376-2067B73D6A03

. Windows XP Professional x64 Edition
  http://www.microsoft.com/downloads/details.aspx?familyid=4C16A372-7BF8-4571-B982-DAC6B2992B25

. Windows XP Professional x64 Edition Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?familyid=4C16A372-7BF8-4571-B982-DAC6B2992B25

. Windows Server 2003 Service Pack 1
  http://www.microsoft.com/downloads/details.aspx?familyid=F26D395D-2459-4E40-8C92-3DE1C52C390D

. Windows Server 2003 Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?familyid=F26D395D-2459-4E40-8C92-3DE1C52C390D

. Windows Server 2003 x64 Edition
  http://www.microsoft.com/downloads/details.aspx?familyid=C04D2AFB-F9D0-4E42-9E1F-4B944A2DE400

. Windows Server 2003 x64 Edition Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?familyid=C04D2AFB-F9D0-4E42-9E1F-4B944A2DE400

. Windows Server 2003 com SP1 para Sistemas baseados em Itanium      
  http://www.microsoft.com/downloads/details.aspx?familyid=AB590756-F11F-43C9-9DCC-A85A43077ACF

. Windows Server 2003 com SP2 para Sistemas baseados em Itanium
  http://www.microsoft.com/downloads/details.aspx?familyid=AB590756-F11F-43C9-9DCC-A85A43077ACF

. Windows Vista 
  http://www.microsoft.com/downloads/details.aspx?familyid=18FDFF67-C723-42BD-AC5C-CAC7D8713B21

. Windows Vista Service Pack 1
  http://www.microsoft.com/downloads/details.aspx?familyid=18FDFF67-C723-42BD-AC5C-CAC7D8713B21

. Windows Vista x64 Edition
  http://www.microsoft.com/downloads/details.aspx?familyid=A976999D-264F-4E6A-9BD6-3AD9D214A4BD

. Windows Vista x64 Edition Service Pack 1    
  http://www.microsoft.com/downloads/details.aspx?familyid=A976999D-264F-4E6A-9BD6-3AD9D214A4BD

. Windows Server 2008 para Sistemas 32 bits     
  http://www.microsoft.com/downloads/details.aspx?familyid=25C17B07-1EFE-43D7-9B01-3DFDF1CE0BD7

. Windows Server 2008 para Sistemas baseados em x64   
  http://www.microsoft.com/downloads/details.aspx?familyid=7B12018E-0CC1-4136-A68C-BE4E1633C8DF

. Windows Server 2008 para Sistemas baseados em Itanium        
  http://www.microsoft.com/downloads/details.aspx?familyid=2BCF89EF-6446-406C-9C53-222E0F0BAF7A

MAIS INFORMACOES

. MS08-067: Vulnerability in Server Service Could Allow Remote Code Execution (958644)
  http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

. SANS ISC Handler's Diary 2008-10-23: * Microsoft out-of-band patch - Severity Critical
  http://isc.sans.org/diary.html?storyid=5227

. Microsoft MSRC - MS08-067 Released
  http://blogs.technet.com/msrc/archive/2008/10/23/ms08-067-released.aspx

. Microsoft SVRD - More detail about MS08-067, the out-of-band netapi32.dll security update
  http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx

. MS08-067 Sigs from Secureworks
  http://www.emergingthreats.net/index.php/component/content/article/1-latest/124-ms08-067-sigs-from-secureworks.html

. Microsoft Brasil Security
  http://www.microsoft.com/brasil/security

. Technet Brasil - Central de Seguranca
  http://www.technetbrasil.com.br/seguranca

. Windows Live OneCare
  http://safety.live.com/site/pt-BR/default.htm

Identificador CVE (http://cve.mitre.org): CVE-2008-4250

O CAIS recomenda que os administradores mantenham seus sistemas e 
aplicativos sempre atualizados, de acordo com as ultimas versoes e 
correcoes oferecidas pelos fabricantes.

Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF:
http://www.rnp.br/cais/alertas/rss.xml

Atenciosamente,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#       Rede Nacional de Ensino e Pesquisa (RNP)               #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br                #
# Tel. 019-37873300      Fax. 019-37873301                     #
# Chave PGP disponivel   http://www.rnp.br/cais/cais-pgp.key   #
################################################################

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iQCVAwUBSQIUmOkli63F4U8VAQEynQQAxl3Mrad1FcA2P73nbTM53Z5a7MTONA1c
In6jSnlbppvGIKa+qLxJ0Zf+GRpBe0y4LtrMsHorZrnznw3FB4SKgyfIt1pmRwOf
dch7vNHoXsych0KS1RuiScSXz64dYL2EjINT7QvpvAnMxMMdp9p3wkV4xVnNRJyQ
wZCEzUziCqg=
=3OE1
-----END PGP SIGNATURE-----

----- End forwarded message -----