June 13th, 2002, 07:33 AM
Title: Unchecked Buffer in Remote Access Service Phonebook Could Lead to Code Execution (Q318138)
Date: 12 June 2002
Software: Windows NT 4.0, NT 4.0 Terminal Server Edition, 2000, XP, Routing and Remote Access Server (RRAS)
Impact: Local Privilege Escalation
Max Risk: Critical
Microsoft encourages customers to review the Security Bulletin at:
June 13th, 2002, 04:23 PM
Re: Bulletin: MS02-029
Originally posted here by micael
This is a must-install if you are running any of the affected versions of the software. Even though it says that an attacker must have the ability to log in, this attack could be used in conjunction with other attacks to gain admin access. Or disable RAS if you are not using it; it is enabled by default.
It will be interesting to see how the .Net servers are configured by default. I think we might start seeing a more free/open BSD type mentality where nothing (or at least a lot less) is enabled by default.