Microsoft has issued an advisory warning users of a critical security flaw in Windows NT, 2000, XP and Server 2003. 64-Bit Edition versions are also affected.
The company has a new policy of announcing vulnerabilities and releasing patches on the second Tuesday of each month, unless a critical flaw needs to be released immediately. Last week, the software maker revealed a security flaw in Internet Explorer and issued a patch. On Tuesday, Microsoft announced three more vulnerabilities: the critical flaw and two other issues of lesser severity. One security hole affects computers running the Windows Internet Naming Service, and the other affects Microsoft’s Virtual PC for the Mac platform. The latest flaw exists in Microsoft’s implementation of a basic networking protocol known as Abstract Syntax Notation One, or ASN.1. The code is shared by many Windows applications, and if left unpatched, it causes each program that uses the code to be an entry point into the operating system for an attacker.
CNET News: Microsoft warns of widespread Windows flaw
eEye Digital Security has discovered a critical vulnerability in Microsoft’s ASN.1 library (MSASN1.DLL) that would allow an attacker to overwrite heap memory on a susceptible machine and cause the execution of arbitrary code. Because this library is widely used by Windows security subsystems, the vulnerability is exposed through an array of avenues, including Kerberos, NTLMv2 authentication, and applications that make use of certificates (SSL, digitally-signed e-mail, signed ActiveX controls, etc.).
eEye Digital Security: Microsoft ASN.1 Library Length Overflow Heap Corruption
Who should read this document: Customers who are using Microsoft® Windows®
Impact of vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Systems administrators should apply the update immediately.
Security Update Replacement: None
Microsoft: ASN.1 Vulnerability Could Allow Code Execution (828028)
Issued: February 10, 2004
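
The advisories quoted above name a length overflow in ASN.1 decoding that corrupts heap memory, but give no code. As an added illustration (not code from MSASN1.DLL, eEye or Microsoft), this is how a BER decoder can validate a length field before anything is allocated or copied; `ber_read_tlv` and `tlv_t` are hypothetical names and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One parsed BER tag-length-value header (hypothetical type for this sketch). */
typedef struct {
    uint8_t tag;          /* single-byte tags only, an assumption of this sketch */
    const uint8_t *value; /* points into the caller's buffer, nothing is copied */
    size_t length;        /* validated: value + length stays inside the buffer */
} tlv_t;

/* Returns 0 on success, -1 on malformed or out-of-bounds input. */
int ber_read_tlv(const uint8_t *buf, size_t buflen, tlv_t *out)
{
    size_t pos = 0, len = 0;

    if (buflen < 2) return -1;
    out->tag = buf[pos++];
    if ((out->tag & 0x1f) == 0x1f) return -1;  /* multi-byte tag: not handled */

    uint8_t first = buf[pos++];
    if (first < 0x80) {
        len = first;                           /* short form: length is 0..127 */
    } else {
        size_t n = first & 0x7f;               /* long form: n length octets */
        if (n == 0) return -1;                 /* indefinite length rejected */
        if (n > sizeof(size_t)) return -1;     /* value would not fit size_t */
        if (n > buflen - pos) return -1;       /* length octets truncated */
        while (n--) len = (len << 8) | buf[pos++];
    }
    /* Compare against the bytes that remain. Never compute pos + len or
       len + header size first: a sender-chosen len near SIZE_MAX wraps. */
    if (len > buflen - pos) return -1;

    out->value = buf + pos;
    out->length = len;
    return 0;
}

int main(void)
{
    /* Constructed sample: OCTET STRING claiming 0xFFFFFFFF bytes, 1 present. */
    const uint8_t hostile[] = {0x04, 0x84, 0xff, 0xff, 0xff, 0xff, 0x41};
    tlv_t t;
    printf("hostile header: %s\n",
           ber_read_tlv(hostile, sizeof hostile, &t) ? "rejected" : "accepted");
    return 0;
}
```

The comparison `len > buflen - pos` is safe because `pos` never exceeds `buflen` at that point, so the subtraction cannot underflow.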

