Friday, October 24, 2008

Out-of-Band Microsoft Patch (MS08-067) Released

I had to rush back from the TechFest HOLs earlier in the afternoon due to the Out-of-Band security update from Microsoft (MS08-067) which needed to be pushed to all of our machines in view of its criticality and the proliferation of exploits in the wild. Here are the contents of the email from CERT:

Original release date: October 23, 2008

Overview
Microsoft has released updates that address a vulnerability in Microsoft Windows 2000, Windows XP, and Windows Vista.  A vulnerability in the way the Microsoft Windows server service handles RPC requests could allow an unauthenticated, remote attacker to execute arbitrary code with SYSTEM privileges.

Description
A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable system to crash. Since the Server service runs with SYSTEM privileges, an attacker could take complete control of a vulnerable system. 

Microsoft has released Microsoft Security Bulletin MS08-067 to address a buffer overflow vulnerability in the Windows Server service.  The vulnerability is caused by a flaw in the way the Server service handles Remote Procedure Call (RPC) requests.  For systems running Windows 2000, XP, and Server 2003, a remote, unauthenticated attacker could exploit this vulnerability.  For systems running Windows Vista and Server 2008, a remote attacker would most likely need to authenticate. 

Microsoft Security Bulletin MS08-067 rates this vulnerability as "Critical" for Windows 2000, XP, and Server 2003. The bulletin also notes "…limited, targeted attacks attempting to exploit the vulnerability." 

This vulnerability has been assigned CVE-2008-4250. Further information is available in a Security Vulnerability & Research blog entry and US-CERT Vulnerability Note VU#827267.

Impact
A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable system to crash. Since the Server service runs with SYSTEM privileges, an attacker could take complete control of a vulnerable system.

References
US-CERT Vulnerability Note VU#827267
US-CERT Technical Cyber Security Alert TA08-297A
Microsoft Security Bulletin MS08-067
Microsoft Security Response Center (MSRC)
