Ms05-019 / Can-2005-0048
Results 1 to 2 of 2

Thread: Ms05-019 / Can-2005-0048

  1. #1

    Ms05-019 / Can-2005-0048

    MS05-019 and specifically the CAN-2005-0048 issue (not yet up on the MITRE site but I guess it will be soon) looks troublesome. I think the ISC puts it pretty well.

    "Incomplete validation of IP Network Packets" is how Microsoft describes this vulnerability. The end result could be remote execution of code.
    According the the MS article, it seems likely that anything trying to use this exploit will most likely make the victim's computer fall over, but that's just according to Microsoft. Vulnerable systems appear to be NT 4.0, Windows 2000, Windows XP (pre-SP2). There are patches available for 2000 & XP but Microsoft's attitude to NT users is basically telling them to contact MS for a patch, presumably one that they will have to pay for. Nice one, Micro$oft.

    A mitigating factor is the fact that most routers don't forward this type of malformed packet, but that might still leave a LAN vulnerable if a PC on the local network is running this sort of attack.

    Since we've seen viruses now that use this kind of thing as a payload, it seems to me that it's quite possible that the thing can cruise past your firewall in an emailed ZIP file or some such and then attempt to compromise the entire LAN using this vulnerability.

    Or am I just being paranoid?

  2. #2
    Member
    Join Date
    Apr 2005
    Posts
    45

    side-note

    Just to comment on the points where MS is going in this kind of move...

    Vulnerable systems appear to be NT 4.0, Windows 2000, Windows XP (pre-SP2).
    - MS is really pushing the users to go SP2, or be left behind (still my personal opinion).

    On a side-note, recently, I had read more and more articles about the need of update to SP2, but still I don't update my box personally. Eventhough SP2 had been deployed for a long time now, still more and more patches are being done for such BIG LEAP (SP2) of change in the MS's OS.

    but Microsoft's attitude to NT users is basically telling them to contact MS for a patch, presumably one that they will have to pay for. Nice one, Micro$oft.
    -NT Server as well as NT Workstation's support had been closer to discontinuity.
    See here - http://support.microsoft.com/gp/lifean3

    ciao

    -GONE
    an\"to*nym (noun) [Greek: a word used in substitution for another]
    A word of opposite meaning ; a counter-term ; used as a correlative of synonym
    - Dr. Gung-ho

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •