Reported April 13, 2004, by Microsoft.
VERSIONS AFFECTED
· Windows Server 2003
· Windows XP
· Windows 2000
· Windows NT Server 4.0 Service Pack (SP) 6a
· Windows NT Server 4.0, Terminal Server Edition (WTS) SP6
· Windows NT Workstation 4.0 SP6a
· Microsoft Windows Me
· Microsoft Windows 9x
· Microsoft NetMeeting
DESCRIPTION
Fourteen new vulnerabilities exist in Windows, the most serious of which could result in the remote execution of arbitrary code on the vulnerable system with SYSTEM privileges. These 14 vulnerabilities consist of:
· Local Security Authority Subsystem Service (LSASS) vulnerability
· Lightweight Directory Access Protocol (LDAP) vulnerability
· Private Communications Technology (PCT) vulnerability
· Winlogon vulnerability
· Metafile vulnerability
· Help and Support Center vulnerability
· Utility Manager vulnerability
· Windows Management vulnerability
· Local Descriptor Table vulnerability
· H.323 vulnerability
· Virtual DOS Machine (VDM) vulnerability
· Negotiate SSP vulnerability
· Secure Sockets Layer (SSL) vulnerability
· ASN.1 "Double Free" vulnerability
VENDOR RESPONSE
Microsoft has released Microsoft Security Bulletin MS04-011, "Security Update for Microsoft Windows (835732)," to address these vulnerabilities and recommends that affected users immediately apply the appropriate patch listed in the bulletin.
CREDIT
Discovered by Carlos Sarraute, Internet Security Systems, Ondrej Sevecek, Jouko Pynnönen, Brett Moore, Cesar Cerrudo, Ben Pryor, Erik Kamphuis, NSFOCUS Security Team, John Lampe, Foundstone Labs, Qualys and eEye Digital Security.
Multiple Vulnerabilities in Microsoft Windows - 21 Apr 2004