Windows Server Service RPC Processing Bug Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1021091 |
|
SecurityTracker URL: http://securitytracker.com/id/1021091
|
|
CVE Reference:
CVE-2008-4250
(Links to External Site)
|
Updated: Feb 13 2009
|
Original Entry Date: Oct 23 2008
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): 2000 SP4, 2003 SP2, XP SP3, Vista SP1, 2008; and prior service packs
|
Description:
A vulnerability was reported in Microsoft Windows in the Server service. A remote user can execute arbitrary code on the target system.
A remote user can send a specially crafted RPC request to execute arbitrary code on the target system.
The vendor notes that a "wormable" exploit is possible on Windows XP and older operating systems.
The vendor also notes that this vulnerability is being actively exploited.
Windows 7 Pre-Beta is also affected.
|
Impact:
A remote user can execute arbitrary code on the target system.
|
Solution:
The vendor has issued the following fixes:
Microsoft Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?familyid=E22EB3AE-1295-4FE2-9775-6F43C5C2AED3
Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=0D5F9B6E-9265-44B9-A376-2067B73D6A03
Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=0D5F9B6E-9265-44B9-A376-2067B73D6A03
Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?familyid=4C16A372-7BF8-4571-B982-DAC6B2992B25
Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=4C16A372-7BF8-4571-B982-DAC6B2992B25
Windows Server 2003 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=F26D395D-2459-4E40-8C92-3DE1C52C390D
Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=F26D395D-2459-4E40-8C92-3DE1C52C390D
Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?familyid=C04D2AFB-F9D0-4E42-9E1F-4B944A2DE400
Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=C04D2AFB-F9D0-4E42-9E1F-4B944A2DE400
Windows Server 2003 with SP1 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=AB590756-F11F-43C9-9DCC-A85A43077ACF
Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=AB590756-F11F-43C9-9DCC-A85A43077ACF
Windows Vista and Windows Vista Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=18FDFF67-C723-42BD-AC5C-CAC7D8713B21
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=A976999D-264F-4E6A-9BD6-3AD9D214A4BD
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=25C17B07-1EFE-43D7-9B01-3DFDF1CE0BD7
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=7B12018E-0CC1-4136-A68C-BE4E1633C8DF
Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=2BCF89EF-6446-406C-9C53-222E0F0BAF7A
A restart is required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx
On October 27, 2008, Microsoft issued a separate advisory indicating that demonstration exploit code is available and that limited exploit attacks have been detected:
http://www.microsoft.com/technet/security/advisory/958963.mspx
On November 26, 2008 (UTC), Microsoft reported that many customers that have not applied the MS08-067 fix have been infected with malware:
http://blogs.technet.com/msrc/archive/2008/11/25/november-25-ms08-067-update.aspx
On January 23, 2009 (UTC), the Microsoft Malware Protection Center issued a summary of their guidance regarding the Conficker worm:
http://blogs.technet.com/mmpc/archive/2009/01/22/centralized-information-about-the-conficker-worm.aspx
On February 12, 2009, Microsoft issued information about the domain name algorithm used by the Conficker worm:
http://blogs.technet.com/msrc/archive/2009/02/12/conficker-domain-information.aspx
Enterprise guidance on the Conficker worm is available from Microsoft at:
http://www.microsoft.com/conficker
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms08-067.mspx (Links to External Site)
|
Cause:
Not specified
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
