Microsoft has released a security bulletin and patch to address a security vulnerability that could allow a malicious user to gain control of an affected server. Network Monitor, shipped with SMS Server 1.2, 2.0 and Windows 2000 Server versions, contains a protocol parser that aids in interpreting and analyzing previously captured network data. If a malicious user was to send a specially crafted frame to a server that was monitoring network traffic it would cause an overflow that would cause Network Monitor to crash and allow the malicious user to launch arbitrary commands. VENDOR RESPONSE Microsoft has released a security bulletin, MS00-0083. Multiple patches are also available; Microsoft Windows NT 4.0 Server and Windows NT 4.0 Server, Enterprise Edition:http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25487 Microsoft Windows NT 4.0 Server, Terminal Server Edition: To be released shortly.- Microsoft Windows 2000 Server, Advanced Server and Datacenter Server:http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25485 Microsoft Systems Management Server 1.2: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25505 Microsoft Systems Management Server 2.0: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25514 CREDIT |
Microsoft Network Monitor Software Vulnerable to Multiple Overflows
0 comments
Hide comments