If in fact you actually read the whole bulletin, it tells you how to apply a workaround until Microsoft release the patch. Steve -----Original Message----- From: UESSE S.r.l. [mailto:uesse@xxxxxx] Sent: Wed 12/06/2002 12:27 PM To: [ISAserver.org Discussion List] Cc: Subject: [isalist] Re: Fw: Microsoft Security Bulletin MS02-027 http://www.ISAserver.org Why that bulletin for ? To inform hackers about the vulnerability, so they can provide a nice attack until the patch will be available ? ;-) ----- Original Message ----- From: "Jim Harrison" <jim@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Wednesday, June 12, 2002 2:18 AM Subject: [isalist] Fw: Microsoft Security Bulletin MS02-027 > http://www.ISAserver.org > > > Pay close attention to this one, folks! > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/authors/harrison/ > Read the books! > ----- Original Message ----- > From: "Jerry Bryant [MS]" <jbryant@xxxxxxxxxxxxxxxxxxxx> > Newsgroups: > microsoft.public.security,microsoft.public.isa,microsoft.public.isaserver,mi > crosoft.public.windows.inetexplorer.ie55.browser,microsoft.public.windows.in > etexplorer.ie6.browser > Sent: Tuesday, June 11, 2002 4:40 PM > Subject: Microsoft Security Bulletin MS02-027 > > > Title: Unchecked Buffer in Gopher Protocol Handler Can Run Code > of Attacker's Choice (Q323889) > Date: 11 June 2002 > Software: Internet Explorer, Proxy Server, Internet Security and > Acceleration Server > Impact: Run Code of Attacker's Choice > Max Risk: Critical > Bulletin: MS02-027 > > Microsoft encourages customers to review the Security Bulletin at: > http://www.microsoft.com/technet/security/bulletin/MS02-027.asp. > - ---------------------------------------------------------------------- > > Issue: > ====== > This is a work-around bulletin that details steps customers can take to > protect themselves against a publicly disclosed vulnerability until patches > are available. > > The Gopher protocol is a legacy protocol that provides for the transfer of > text-based information across the Internet. Information on Gopher servers is > hierarchically presented using a menu system, and multiple Gopher servers > can be linked together to form a collective "Gopherspace". > > There is an unchecked buffer in a piece of code which handles the response > from Gopher servers. This code is used independently in IE, ISA, and Proxy > Server. A security vulnerability results because it is possible for an > attacker to attempt to exploit this flaw by mounting a buffer overrun attack > through a specially crafted server response. The attacker could seek to > exploit the vulnerability by crafting a web page that contacted a server > under the attacker's control. The attacker could then either post this page > on a web site or send it as an HTML email. When the page was displayed and > the server's response received and processed, the attack would be carried > out. > > A successful attack requires that the attacker be able to send information > to the intended target using the Gopher protocol. Anything which inhibited > Gopher connectivity could protect against attempts to exploit this > vulnerability. In the case of IE, the code would be run in the user's > context. As a result, any limitations on the user would apply to the > attacker's code as well. > > > Mitigating Factors: > ==================== > - A successful attack requires that the attacker's server be > able to deliver information to the target using the Gopher > protocol. Customers who block Gopher at the perimeter would be > protected against attempts to exploit this vulnerability across > the Internet. > > - In the case of IE, code would run in the security context of > the user. As a result, any limitations on the user's ability > would also restrict the actions an attacker's code could take. > > - A successful attack against ISA and Proxy servers would > require that the malicious response be received by the web > proxy service. In practical terms, this means that a proxy > client would have to submit the initial request through the > proxy server. > > Risk Rating: > ============ > - Internet systems: Critical > - Intranet systems: Critical > - Client systems: Critical > > Patch Availability: > =================== > - A patch is currently under development to fix this > vulnerability. Please read the Security Bulletin at > http://www.microsoft.com/technet/security/bulletin/ms02-027.asp > for workaround information while patches are developed. > > - --------------------------------------------------------------------- > > THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS > PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL > WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE > WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO > EVENT > SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES > WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF > BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS > SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES > DO > NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR > INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. > > > -- > Regards, > > Jerry Bryant - MCSE, MCDBA > Microsoft IT Communities > > Get Secure! www.microsoft.com/security > > > This posting is provided "AS IS" with no warranties, and confers no rights. > > > > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: uesse@xxxxxx > To unsubscribe send a blank email to leave-isalist-244890H@xxxxxxxxxxxxx ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: steve@xxxxxxxxxxxxxxx To unsubscribe send a blank email to leave-isalist-244890H@xxxxxxxxxxxxx