November 11, 2003 Information Security Advisory

All,

Please read this warning. Recent viruses and other information systems attacks 
have been designed to target computers that have failed to install the latest 
security patches, specifically Windows patches. A new wave of hackers are exploiting
newly published vulnerabilities, such as the one described below, and write their 
code to attack unprotected machines, hence the urgency of this message.

Earlier today, the Computer Emergency Response Team (CERT) issued a security 
advisory  CERT Advisory CA-2003-28 Buffer Overflow in Windows Workstation 
Service.

Systems Affected

     * Microsoft  Windows  2000  Service  Pack 2, Service Pack 3, Service
       Pack 4
     * Microsoft Windows XP
     * Microsoft Windows XP Service Pack 1
     * Microsoft Windows XP 64-Bit Edition

Overview

   A   buffer   overflow  vulnerability  exists  in  Microsoft's  Windows
   Workstation Service (WKSSVC.DLL).

   A   remote  attacker  could  exploit  this  vulnerability  to  execute
   arbitrary code or cause a denial of service.

I. Description

   Microsoft's  Security Bulletin MS03-049 
   <http://www.microsoft.com/technet/security/bulletin/MS03-049.asp>
   discusses a buffer overflow in Microsoft's  Workstation Service that
   can be exploited via a specially crafted network message.

   According  to  the  eEye  Digital  Security  Advisory  AD20031111, the
   vulnerability  is caused by a flaw in the network management functions
   of   the  DCE/RPC  service  and  a  logging  function  implemented  in
   Workstation  Service  (WKSSVC.DLL).  Various RPC functions will permit
   the  passing of long strings to the vsprintf() routine that is used to
   create log entries. The vsprintf() routine contains no bounds checking
   for parameters thus creating a buffer overflow situation.

II. Impact

   A   remote  attacker  could  exploit  this  vulnerability  to  execute
   arbitrary  code  with  system-level privileges or to cause a denial of
   service.  The  exploit  vector  and  impact for this vulnerability are
   conducive to automated attacks such as worms.

 Microsoft Corporation

     Microsoft has released MS03-049.
   _________________________________________________________________

   This  vulnerability was discoved by eEye Digital Security and reported
   in Microsoft Security Bulletin MS03-049.
   _________________________________________________________________

III. Solution

Solution: Run Windows Update from http://v4.windowsupdate.microsoft.com/en/default.asp
and apply all the latest patches.

Happy safe computing!

Frederic Martin
www.workingarts.com

PS: If you want to be removed from this computer security advisory mailing list, please 
reply with "remove" in the subject of the message. To review archived security warnings, 
please go to http://www.workingarts.com/infosecarchives.html