Says eEye:

This is something that will let you get into Internet servers, internal networks, pretty much any system.

This vulnerability affects basically any client of MSASN1.DLL, the most interesting of which are LSASS.EXE and CRYPT32.DLL (and therefore any application that uses CRYPT32.DLL).



http://home.businesswire.com/portal/...76&newsLang=en


eEye(R) Digital Security, a leading developer of enterprise security software solutions, today announced its research team uncovered two critical vulnerabilities relating to Microsoft's Windows(R) Abstract Syntax Notation One (ASN.1). ASN is the method through which the syntax of messages to be exchanged between peer applications is defined, independent of local representation. These critical security flaws affect unpatched Windows NT, 2000, XP and Windows Server 2003 machines. eEye's research team discovered these vulnerabilities as early as July 2003 and worked with Microsoft to develop a remediation solution.
Either of these ASN vulnerabilities could allow an attacker to overwrite heap memory with arbitrary data allowing for the execution of malicious code. Both of these flaws can be detected and subsequently exploited remotely and have the potential to cause serious damage if not immediately remediated. Ironically, the security-related functionality in Windows is especially adept at rendering a machine vulnerable to an attack. Since the ASN library is widely used by Windows security subsystems, the vulnerability is exposed through an array of authentication protocols. This makes these vulnerabilities more dangerous than previous flaws that spawned Nimda, Code Red and Sapphire worms. eEye and Microsoft have released detailed advisories to alert Windows users of the need to immediately remediate vulnerable machines on their networks.
+=+=+=+=+=+=+=+=+=+=

Looks like MS knew about this for 6 MONTHS and sat on it until they got a patch made for it.

Vendor Status:
Microsoft has released a patch for these vulnerabilities. The patch is available at:
http://www.microsoft.com/technet/sec...n/MS04-007.asp