February 10, 2004

Information Security Advisory

Earlier today, Microsoft issued Security Bulletin MS04-007:

ASN.1 Vulnerability Could Allow Code Execution (828028)

Issued: February 10, 2004
Version Number: 1.0

Summary

Who should read this document: Customers who are using Microsoft® Windows®
Impact of vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: You should apply the update immediately.

Affected Software:

  Microsoft Windows NT® Workstation 4.0 Service Pack 6a
  Microsoft Windows NT Server 4.0 Service Pack 6a
  Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
  Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, Microsoft Windows 2000 Service Pack 4
  Microsoft Windows XP, Microsoft Windows XP Service Pack 1
  Microsoft Windows XP 64-Bit Edition, Microsoft Windows XP 64-Bit Edition Service Pack 1
  Microsoft Windows XP 64-Bit Edition Version 2003, Microsoft Windows XP 64-Bit Edition Version 2003 Service Pack 1
  Microsoft Windows Server™ 2003
  Microsoft Windows Server 2003 64-Bit Edition

Severity Rating:

  Microsoft Windows NT 4.0: Critical
  Microsoft Windows NT Server 4.0 Terminal Server Edition: Critical
  Microsoft Windows 2000: Critical
  Microsoft Windows XP: Critical
  Microsoft Windows Server 2003: Critical

The above assessment is based on the types of systems that are affected by the vulnerability, their typical deployment patterns, and the effect that exploiting the vulnerability would have on them.

Vulnerability identifier: CAN-2003-0818

Solution: Go to http://v4.windowsupdate.microsoft.com/en/default.asp to download the security patch and install it (this is a 344 kB file download).

Happy safe computing!

Frederic Martin
www.workingarts.com

PS1: If you want to be removed from this computer security advisory mailing list, please reply with "remove" in the subject of the message. To review archived security warnings, please go to http://www.workingarts.com/infosecarchives.html

PS2: This vulnerability was brought to Microsoft's attention 200 days ago. eEye Digital Security discovered the flaw.