MarcelG
Retired Support Moderator
Netherlands
2625 Posts |
Posted - 11 February 2004 : 02:17:05
|
Today Microsoft has released three critical fixes which are applicable for almost every OS they ever build ! It concerns vulnerabilities in the Abstract Syntax Notation 1 (ASN.1), IE and the WINS service (!) which would possibly allow a hacker (or a virus to be released) full code execution permission on any system running any of these OS'es! These 'holes' have been discovered about 6 months ago, however MS has decided to wait with the release of this information until the patches were available. So, make sure to download these updates if you're using any of these!
quote: A security vulnerability exists in the Microsoft ASN.1 Library that could allow code execution on an affected system. The vulnerability is caused by an unchecked buffer in the Microsoft ASN.1 Library, which could result in a buffer overflow.
An attacker who successfully exploited this buffer overflow vulnerability could execute code with system privileges on an affected system. The attacker could then take any action on the system, including installing programs, viewing data, changing data, deleting data, or creating new accounts with full privileges.
Abstract Syntax Notation 1 (ASN.1) is a data standard that is used by many applications and devices in the technology industry for allowing the normalization and understanding of data across various platforms. More information about ASN.1 can be found in Microsoft Knowledge Base Article 252648.
For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Windows Security Bulletin Summary for Windows
|
portfolio - linkshrinker - oxle - twitter |
|