Bulletin: MS02-029
Results 1 to 2 of 2

Thread: Bulletin: MS02-029

  1. #1
    Senior Member
    Join Date
    Nov 2001

    Bulletin: MS02-029

    Title: Unchecked Buffer in Remote Access Service Phonebook Could
    Lead to Code Execution (Q318138)
    Date: 12 June 2002
    Software: Windows NT 4.0, NT 4.0 Terminal Server Edition, 2000, XP,
    Routing and Remote Access Server (RRAS)
    Impact: Local Privilege Escalation
    Max Risk: Critical
    Bulletin: MS02-029

    Microsoft encourages customers to review the Security Bulletin at:

  2. #2
    Senior Member
    Join Date
    Oct 2001

    Re: Bulletin: MS02-029

    Originally posted here by micael

    This is a must install if you are running any of the affected versions of the software. Even though it says that an attacker must have the ability to login. This attack could be used in conjuction with other attacks to gain admin access. Or disable RAS if you are not using it, it is enabled by default.

    It will be interesting to see how the .Net servers are configured by default. I think we might start seeing a more free/open BSD type mentality where nothing(or atleast a lot less) is enabled by default.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts