"This is one of the most serious Microsoft vulnerabilities ever released," -Marc Maiffret, Chief Hacking Officer(CHO) of eEye Digital Security Inc. "This one is REAL bad," -Me. That being said, here's some articles: From microsoft: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS04-007.asp From eEye(the company that found the exploit and told Microsoft over 6 mths ago(July 25th): http://www.eeye.com/html/Research/Advisories/AD20040210.html From AP(Associated Press): http://apnews.myway.com//article/20040210/D80KJ01G1.html What this means: MSASN1.DLL(Abstract Syntax Notation - a way to understand data syntax across different systems) has a several vulnerabilities that would allow an attacker to overwrite heap memory via integer overflows(very bad) on a susceptible machine and execute arbitrary code. This file is used widely by several windows services, and most windows security subsystems. Kerberos(email/password authentication), NTLMv2 authentication, and any applications(Internet Explorer, Microsoft Outlook and Outlook Express, Third-party applications) that use certificates(SSL, signed e-mail, ActiveX) are all vulnerable. What this means(IN ENGLISH): Any computer running Windows NT, 2000, or XP can be silently overtaken by an attacker. The attacker can run programs, view, copy, and edit files, basically do whatever they want with ease. This means that your Bank, your CC company, your Medical/Dental records, your companys data, etc, or any computer connected to the internet, can be overtaken. I'm sure you can think of a few more bad things that can happen. The BAD news: eEye.com , who warned microsoft back in July, promised not to speak about the exploit until microsoft had a fix. Unfortunately, eEye was informed last week that someone in a foreign country had also discoved the security hole. They, eEye, pressured microsoft, and the fix was released about 2 hrs ago. 
Marc Maiffret, from eEye, estimates that we have 1 to 3 weeks before a worm is released, maybe less. This network worm will wind its way through the internet and turn unpatched computers into its playthings. Any computer connected to the net is vulnerable. You don't need to be checking email or surfing, and those of us who use alternative browsers, like Mozilla, are still vulnerable.

The GOOD news: The patch is out. Go, right NOW, and download it from: http://windowsupdate.microsoft.com

You need to be using Internet Explorer to download the patch. It will take you less than 1 min., even using dial-up. Also good news is that all the system/network admins of all the major places (banks, medical, telecom), if they're smart, will patch all affected computers tomorrow (Wednesday). This should lessen the impact, but all home users should patch immediately to avoid their data being compromised and their computer being used to attack others.

On a side note, my Inbox has been getting deluged with viruses. My Norton Antivirus deletes them before they get in my inbox. This is not the MyDoom.A/B or MyDoom.Juice viruses that I wrote about last week. I turned off my virus scanner (not for the faint of heart) to examine what they were, and discovered it was an "official" looking email from Microsoft with an attachment containing the latest security patch. Let me reiterate some points:

1. Don't open attachments.
2. Microsoft will never send you any patch. They probably don't have your email anyway. Download patches from the site: http://windowsupdate.microsoft.com

So, patch your system(s). And all you network admins, if you have an IDS (Intrusion Detection System), which you should, look for rule updates within the next few days, if they're not out already.

Thanks,
Jarrod
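
The post describes the MSASN1.DLL flaws as integer overflows that lead to heap overwrites while parsing ASN.1. As an added illustration of that bug class (not code from Microsoft, eEye, or the original post), this C function decodes a BER tag-length-value header and checks the attacker-supplied length without any addition that can wrap; `ber_read_tlv` is a hypothetical name, and treating the length field as the overflow site is an assumption made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decode one BER/DER tag-length-value header from buf[0..len).
 * Returns 0 and sets *val_off / *val_len on success, -1 on any malformed
 * or out-of-bounds length. Handles single-byte tags only. */
int ber_read_tlv(const uint8_t *buf, size_t len, size_t *val_off, size_t *val_len)
{
    if (len < 2) return -1;
    size_t pos = 1;                      /* skip the tag byte */
    uint8_t first = buf[pos++];
    size_t vlen;

    if ((first & 0x80) == 0) {
        vlen = first;                    /* short form: 0..127 */
    } else {
        size_t n = first & 0x7F;         /* long form: n length bytes follow */
        if (n == 0 || n > 4) return -1;  /* reject indefinite form, cap at 32 bits */
        if (n > len - pos) return -1;    /* the length bytes must be present */
        uint32_t v = 0;
        for (size_t i = 0; i < n; i++)
            v = (v << 8) | buf[pos++];
        vlen = v;
    }
    /* Unsafe pattern: `if (pos + vlen > len)` or sizing a buffer as
     * vlen + k. In a 32-bit integer a length near the maximum makes the sum
     * wrap, so the check passes and a later copy overruns the heap buffer.
     * Comparing against the remaining space cannot wrap. */
    if (vlen > len - pos) return -1;
    *val_off = pos;
    *val_len = vlen;
    return 0;
}

int main(void)
{
    /* Constructed samples, not captured traffic. */
    const uint8_t ok[]  = { 0x04, 0x03, 'a', 'b', 'c' };
    const uint8_t bad[] = { 0x04, 0x84, 0xFF, 0xFF, 0xFF, 0xFF, 'a' };
    size_t off, n;
    printf("ok:  %d\n", ber_read_tlv(ok, sizeof ok, &off, &n));
    printf("bad: %d\n", ber_read_tlv(bad, sizeof bad, &off, &n));
    return 0;
}
```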