TITLE: Windows Remote Installation Service Writable Path Vulnerability SECUNIA ADVISORY ID: SA23312
VERIFY ADVISORY: http://secunia.com/advisories/23312/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From local network OPERATING SYSTEM: Microsoft Windows 2000 Advanced Server http://secunia.com/product/21/ Microsoft Windows 2000 Datacenter Server http://secunia.com/product/1177/ Microsoft Windows 2000 Professional http://secunia.com/product/1/ Microsoft Windows 2000 Server http://secunia.com/product/20/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the Remote Installation Service enabling a TFTP service, which by default allows anonymous users to upload malicious files or overwrite existing operating system files. SOLUTION: Apply patch. Microsoft Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyId=0ed62db9-4534-4f27-a49e-020c7a7d69e0 ORIGINAL ADVISORY: MS06-077 (KB926121): http://www.microsoft.com/technet/security/Bulletin/MS06-077.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
