*There appears to be good workarounds for this update, and it appears it's not needed if a good 3rd party firewall is used. -Clint
TITLE: Microsoft Windows Server Service Two Vulnerabilities SECUNIA ADVISORY ID: SA21007 VERIFY ADVISORY: http://secunia.com/advisories/21007/ CRITICAL: Moderately critical IMPACT: Exposure of system information, System access WHERE: >From local network OPERATING SYSTEM: Microsoft Windows 2000 Advanced Server http://secunia.com/product/21/ Microsoft Windows 2000 Datacenter Server http://secunia.com/product/1177/ Microsoft Windows 2000 Professional http://secunia.com/product/1/ Microsoft Windows 2000 Server http://secunia.com/product/20/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/ Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/ Microsoft Windows XP Home Edition http://secunia.com/product/16/ Microsoft Windows XP Professional http://secunia.com/product/22/ DESCRIPTION: Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to expose sensitive information and compromise a vulnerable system. 1) A boundary error in the handling of Mailslots in the Server service can be exploited to execute arbitrary code by sending a specially crafted packet to the service. 2) An uninitialised buffer in the Server protocol driver can be exploited to view data from the Server Message Block buffers by sending specially crafted packets to the service. SOLUTION: Apply patches: Microsoft Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyId=b207020d-90f7-4c41-8304-06af0ded6467 Microsoft Windows XP SP1 / SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=b207020d-90f7-4c41-8304-06af0ded6467 Microsoft Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=b0f67167-7ede-4355-af6f-50c6615f6bbd Microsoft Windows Server 2003 (with or without SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=48f03ad7-38f9-48f4-bbfc-14c52e9c942a Microsoft Windows Server 2003 for Itanium-based Systems (with or without SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=41a4a07f-bea3-48d6-b8d2-d7a5600d7179 Microsoft Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=dfbf3fa6-9e11-48b4-894d-5436693d17f7 *ORIGINAL ADVISORY: MS06-035 (KB917159): http://www.microsoft.com/technet/security/Bulletin/MS06-035.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
