Category:   OS (Microsoft)  >   Windows Drivers
Vendors:   Microsoft
Windows Server Service RPC Processing Bug Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1021091
SecurityTracker URL:  http://securitytracker.com/id/1021091
CVE Reference:   CVE-2008-4250
Updated:  Feb 13 2009
Original Entry Date:  Oct 23 2008
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2000 SP4, 2003 SP2, XP SP3, Vista SP1, 2008; and prior service packs
Description:   A vulnerability was reported in Microsoft Windows in the Server service. A remote user can execute arbitrary code on the target system.

A remote user can send a specially crafted RPC request to execute arbitrary code on the target system.

The vendor notes that a "wormable" exploit is possible on Windows XP and older operating systems.

The vendor also notes that this vulnerability is being actively exploited.

Windows 7 Pre-Beta is also affected.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   The vendor has issued the following fixes:

Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?familyid=E22EB3AE-1295-4FE2-9775-6F43C5C2AED3

Windows XP Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=0D5F9B6E-9265-44B9-A376-2067B73D6A03

Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=0D5F9B6E-9265-44B9-A376-2067B73D6A03

Windows XP Professional x64 Edition:

http://www.microsoft.com/downloads/details.aspx?familyid=4C16A372-7BF8-4571-B982-DAC6B2992B25

Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=4C16A372-7BF8-4571-B982-DAC6B2992B25

Windows Server 2003 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=F26D395D-2459-4E40-8C92-3DE1C52C390D

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=F26D395D-2459-4E40-8C92-3DE1C52C390D

Windows Server 2003 x64 Edition:

http://www.microsoft.com/downloads/details.aspx?familyid=C04D2AFB-F9D0-4E42-9E1F-4B944A2DE400

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=C04D2AFB-F9D0-4E42-9E1F-4B944A2DE400

Windows Server 2003 with SP1 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=AB590756-F11F-43C9-9DCC-A85A43077ACF

Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=AB590756-F11F-43C9-9DCC-A85A43077ACF

Windows Vista and Windows Vista Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=18FDFF67-C723-42BD-AC5C-CAC7D8713B21

Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=A976999D-264F-4E6A-9BD6-3AD9D214A4BD

Windows Server 2008 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=25C17B07-1EFE-43D7-9B01-3DFDF1CE0BD7

Windows Server 2008 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=7B12018E-0CC1-4136-A68C-BE4E1633C8DF

Windows Server 2008 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=2BCF89EF-6446-406C-9C53-222E0F0BAF7A

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx

On October 27, 2008, Microsoft issued a separate advisory indicating that demonstration exploit code is available and that limited exploit attacks have been detected:

http://www.microsoft.com/technet/security/advisory/958963.mspx

On November 26, 2008 (UTC), Microsoft reported that many customers who have not applied the MS08-067 fix have been infected with malware:

http://blogs.technet.com/msrc/archive/2008/11/25/november-25-ms08-067-update.aspx

On January 23, 2009 (UTC), the Microsoft Malware Protection Center issued a summary of its guidance regarding the Conficker worm:

http://blogs.technet.com/mmpc/archive/2009/01/22/centralized-information-about-the-conficker-worm.aspx

On February 12, 2009, Microsoft issued information about the domain name algorithm used by the Conficker worm:

http://blogs.technet.com/msrc/archive/2009/02/12/conficker-domain-information.aspx

Enterprise guidance on the Conficker worm is available from Microsoft at:

http://www.microsoft.com/conficker

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms08-067.mspx
Cause:   Not specified

Message History:   None.

