Thursday, February 12. 2004
Update your Windows NOW. DO NOT DELAY
I'm not going to bother describing it. Here's the SANS information. UPDATE NOW. EXPECT A WORM IN THE NEXT 10 DAYS.
Get to Windows UpdateAs soon as possible. Get all the updates.
NOW.
While it's installing, you can enjoy the rap from the official eEye advisory. They're the ones who found it and reported it...on July 23, 2003...to microsoft, so they have the right to have a little fun at MS's expense. With apologies to eEye...
U Can't Trust This
By: MCSE Hammer
Blaster did ya some harm
We just say, hey, another worm
But thank you, for trusting me
To mind your site's security
It's all good, when your server's downed
Our dope PR will pass blame around
Cuz it's known as such
That this is some software, you can't trust
I told ya Homeland
U can't trust this
Yeah that's why we're giving ya the code
U can't trust this
Check out eEye, man
U can't trust this
Yo let 'em bust more funky system
U can't trust this
Give 'em a string or recvfrom
Like no sweat they got the keys to your kingdom
Now ya know
You talk about eEye, you're talking about holes
Remote and tight
Coders still sweating so someone better write
A book to learn
What it's gonna take in '04
To earn some trust
Legit, either secure or ya might as well quit
That's the word because you know
U can't trust this
U can't trust this
Breakin' in
Stop -- eEye time
Get to Windows UpdateAs soon as possible. Get all the updates.
NOW.
While it's installing, you can enjoy the rap from the official eEye advisory. They're the ones who found it and reported it...on July 23, 2003...to microsoft, so they have the right to have a little fun at MS's expense. With apologies to eEye...
U Can't Trust This
By: MCSE Hammer
Blaster did ya some harm
We just say, hey, another worm
But thank you, for trusting me
To mind your site's security
It's all good, when your server's downed
Our dope PR will pass blame around
Cuz it's known as such
That this is some software, you can't trust
I told ya Homeland
U can't trust this
Yeah that's why we're giving ya the code
U can't trust this
Check out eEye, man
U can't trust this
Yo let 'em bust more funky system
U can't trust this
Give 'em a string or recvfrom
Like no sweat they got the keys to your kingdom
Now ya know
You talk about eEye, you're talking about holes
Remote and tight
Coders still sweating so someone better write
A book to learn
What it's gonna take in '04
To earn some trust
Legit, either secure or ya might as well quit
That's the word because you know
U can't trust this
U can't trust this
Breakin' in
Stop -- eEye time
(1) HIGH: Microsoft ASN.1 Library Integer Overflow Vulnerabilities
Affected: Windows NT/2000/XP/2003
Description: Multiple integer overflow vulnerabilities exist in the
Microsoft ASN.1 (Abstract Syntax Notation) parser library, msasn1.dll.
The flaws can be exploited to overwrite heap memory, potentially
resulting in execution of arbitrary code on a vulnerable host with
SYSTEM privileges. Note that the ASN.1 library is used by many
authentication and cryptographic services such as NTLMv2, Kerberos and
ISAKMP/IPSec. Applications using digital certificates are also affected.
The vulnerabilities can be exploited on the client-side or server-side
via a number of attack vectors. The technical details required to
exploit the flaws have been posted. No exploits are known to be
currently circulating in the wild.
Status: Vendor confirmed, patches available. There are no possible
workarounds.
Council Site Actions: Most of the reporting council sites are rolling
out the patches on a priority schedule. Many sites already have patching
in progress.
References:
Microsoft Advisory
http://www.microsoft.com/technet/security/bulletin/MS04-007.asp
eEye Advisories
http://www.eeye.com/html/Research/Advisories/AD20040210.html
http://www.eeye.com/html/Research/Advisories/AD20040210-2.html
CERT Advisory and Vulnerability Notes
http://www.us-cert.gov/cas/techalerts/TA04-041A.html
http://www.kb.cert.org/vuls/id/216324
http://www.kb.cert.org/vuls/id/583108
SecurityFocus BIDs
http://www.securityfocus.com/bid/9626
http://www.securityfocus.com/bid/9633
http://www.securityfocus.com/bid/9635
Affected: Windows NT/2000/XP/2003
Description: Multiple integer overflow vulnerabilities exist in the
Microsoft ASN.1 (Abstract Syntax Notation) parser library, msasn1.dll.
The flaws can be exploited to overwrite heap memory, potentially
resulting in execution of arbitrary code on a vulnerable host with
SYSTEM privileges. Note that the ASN.1 library is used by many
authentication and cryptographic services such as NTLMv2, Kerberos and
ISAKMP/IPSec. Applications using digital certificates are also affected.
The vulnerabilities can be exploited on the client-side or server-side
via a number of attack vectors. The technical details required to
exploit the flaws have been posted. No exploits are known to be
currently circulating in the wild.
Status: Vendor confirmed, patches available. There are no possible
workarounds.
Council Site Actions: Most of the reporting council sites are rolling
out the patches on a priority schedule. Many sites already have patching
in progress.
References:
Microsoft Advisory
http://www.microsoft.com/technet/security/bulletin/MS04-007.asp
eEye Advisories
http://www.eeye.com/html/Research/Advisories/AD20040210.html
http://www.eeye.com/html/Research/Advisories/AD20040210-2.html
CERT Advisory and Vulnerability Notes
http://www.us-cert.gov/cas/techalerts/TA04-041A.html
http://www.kb.cert.org/vuls/id/216324
http://www.kb.cert.org/vuls/id/583108
SecurityFocus BIDs
http://www.securityfocus.com/bid/9626
http://www.securityfocus.com/bid/9633
http://www.securityfocus.com/bid/9635
Trackbacks
Trackback specific URI for this entry
No Trackbacks