Got an email the other day, should have posted earlier but ive been a little busy


eEye Digital Security Uncovers Dangerous Vulnerabilities in Microsoft Windows
Six new vulnerabilities related to Microsoft Windows were announced today. The discoveries include critical flaws in Windows Remote Procedure Call (RPC), Local Security Authority Subsystem Service (LSASS), and in the rendering of Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats. Of the six newly discovered, four are extremely critical since they allow for the remote execution of code on unpatched machines.

Systems Affected
Affected systems include all current versions of Microsoft Windows and Windows Server 2003.

Potential Impact
These vulnerabilities could potentially allow an attacker to take complete control of an affected system. An attacker could then take any action on the affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. eEye and Microsoft have released detailed advisories to alert Windows users of the need to immediately secure vulnerable machines on their networks.


--------------------------------------------------------------------------------

RPC Runtime Library Vulnerability - Remote code execution (w2k,xp,2003)
LSASS Vulnerability - Remote code execution (w2k,xp,2003)
Metafile Vulnerability - Remote code execution (w2k,xp,nt 4)
Local Descriptor Table Vulnerability - Privilege Elevation (w2k,nt 4)
Virtual DOS Machine Vulnerability - Privilege Elevation (w2k,nt 4)
RPCSS Service Vulnerability - DOS (w2k,xp,2003)



*The above assessment is based on the types of systems that are affected by the vulnerability, typical deployment patterns, and the effect that exploiting the vulnerability would have on them.(source: Microsoft)



--------------------------------------------------------------------------------

Protecting Against These Vulnerabilities
The most effective way to protect vulnerable systems is to apply the hotfixes released by Microsoft. The hotfixes will remediate these vulnerabilities, and can be found here:
http://www.microsoft.com/technet/sec.../MS04-011.mspx
http://www.microsoft.com/technet/sec.../MS04-012.mspx

Retina Network Security Scanner
Retina has been updated to check for all of the above vulnerabilities. These checks are included in Retina versions 4.9.194 and higher. Retina is the only scanner that is 100% non-intrusive and can scan remotely without administrative access. For a comprehensive list of Retina audits click here:
http://www.eeye.com/html/mkt/gen/AprilAdv.html

Additional Information: eEye Security Bulletins
Microsoft DCOM RPC Memory Leak
http://www.eeye.com/html/Research/Ad...20040413A.html

Microsoft DCOM RPC Race Condition
http://www.eeye.com/html/Research/Ad...20040413B.html

Windows Local Security Authority Service Remote Buffer Overflow
http://www.eeye.com/html/Research/Ad...20040413C.html

Windows Expand-Down Data Segment Local Privilege Escalation
http://www.eeye.com/html/Research/Ad...20040413D.html

Windows VDM TIB Local Privilege Escalation
http://www.eeye.com/html/Research/Ad...20040413E.html

Windows Metafile Heap Overflow
http://www.eeye.com/html/Research/Ad...20040413F.html

Source eEye

Or if you feel like some more reading heres the press release
http://www.eeye.com/html/Press/PR20040413.html