
Fw: Microsoft Security Bulletin (MS98-017)




Just received, FYI

Richard Chehovin

-----Original Message-----
From: Microsoft Product Security <secnotif@xxxxxxxxxxxxx>
To: MICROSOFT_SECURITY@xxxxxxxxxxxxxxxxxxxxxx
<MICROSOFT_SECURITY@xxxxxxxxxxxxxxxxxxxxxx>
Date: Friday, November 20, 1998 5:30 PM
Subject: Microsoft Security Bulletin (MS98-017)


>The following is a Security  Bulletin from the Microsoft Product Security
>Notification Service.
>
>Please do not  reply to this message,  as it was sent  from an unattended
>mailbox.
>                    ********************************
>
>Microsoft Security Bulletin (MS98-017)
>--------------------------------------
>
>Patch Available for "Named Pipes Over RPC" Issue
>
>Originally Posted: November 19, 1998
>
>Summary
>=======
>Microsoft has released a patch that fixes a vulnerability in the way
>Microsoft (r) Windows NT (r) 4.0 handles named pipes over the Remote
>Procedure Call (RPC) services. An attacker could create a denial of service
>situation on a Windows NT 4.0 system by opening multiple named pipe
>connections to RPC services and sending random data.
>
>A fully supported fix for this problem is available. As detailed below in
>What Customers Should Do, Microsoft recommends that customers evaluate the
>risk that this vulnerability poses to their systems and apply the patch if
>appropriate.
>
>Issue
>=====
>The underlying problem is the way that Windows NT 4.0 attempts to shut down
>invalid named pipe RPC connections. An attacker could exploit this problem
>to create a denial of service condition by opening multiple named pipe
>connections and sending random data. When the RPC service attempts to close
>the invalid connections, the service consumes all CPU resources and memory
>use grows considerably, which may result in the system hanging. This is a
>denial of service vulnerability only; there is no risk of compromise or loss
>of data from the attacked system.
>
>Different attack programs may target different system services. Two of the
>services typically targeted are the SPOOLSS and LSASS system service
>processes.
>
>Affected Software Versions
>==========================
> - Microsoft Windows NT Workstation 4.0
> - Microsoft Windows NT Server 4.0
> - Microsoft Windows NT Server 4.0, Enterprise Edition
> - Microsoft Windows NT Server 4.0, Terminal Server Edition
>
>What Microsoft is Doing
>=======================
>On November 19 Microsoft released a patch that fixes the problem identified.
>This patch is available for download from the sites listed below.
>
>Microsoft has sent this security bulletin to customers
>subscribing to the Microsoft Product Security Notification Service
>(see http://www.microsoft.com/security/services/bulletin.asp for
>more information about this free customer service).
>
>Microsoft has published the following Knowledge Base (KB) articles on this
>issue:
> - Microsoft Knowledge Base (KB) article Q195733, Denial
>   of Service in Applications Using Named Pipes Over RPC
>   http://support.microsoft.com/support/kb/articles/q195/7/33.asp
>   (Note: It might take 24 hours from the original posting of
>   this bulletin for the updated KB article to be visible in the
>   Web-based Knowledge Base.)
>
>Microsoft has posted hot fixes to address this problem:
> - Fix for X86 version of Microsoft Windows NT Workstation 4.0,
>   Microsoft Windows NT Server 4.0,
>   Microsoft Windows NT Server 4.0, Enterprise Edition
>   ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes
>   /usa/NT40/hotfixes-postSP4/nprpc-fix/nprpcfxi.exe
>   (Note: the above URL has been wrapped for readability)
> - Fix for Alpha version of Microsoft Windows NT Workstation 4.0,
>   Microsoft Windows NT Server 4.0,
>   Microsoft Windows NT Server 4.0, Enterprise Edition
>   ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes
>   /usa/NT40/hotfixes-postSP4/nprpc-fix/nprpcfxa.exe
>   (Note: the above URL has been wrapped for readability)
> - Fix for Microsoft Windows NT Server 4.0, Terminal Server
>   Edition - This fix will be released shortly. When it is
>   available, http://www.microsoft.com/security will carry an
>   announcement that provides the location of the fix.
>
>What customers should do
>========================
>The patch for this vulnerability is fully supported. However, it has not
>been fully regression tested and should only be applied to systems
>determined to be at risk of attack. A fully regression-tested version of the
>patch will be available as part of the next Windows NT service pack.
>
>Microsoft recommends that customers evaluate the degree of risk that this
>vulnerability poses to their systems, based on physical accessibility,
>network and Internet connectivity, and other factors, and determine whether
>the appropriate course of action is to apply the patch or wait for the next
>service pack.
>
>More Information
>================
>Please see the following references for more information related to this
>issue.
> - Microsoft Security Bulletin 98-017, Patch Available for Named
>   Pipes Transport Issue (the Web-posted version of this bulletin),
>   http://www.microsoft.com/security/bulletins/ms98-017.asp.
> - Microsoft Knowledge Base (KB) article Q195733, Denial of Service
>   in Applications Using Named Pipes Over RPC
>   http://support.microsoft.com/support/kb/articles/q195/7/33.asp
>
>Obtaining Support on this Issue
>===============================
>This is a supported patch. If you have problems installing this
>patch or require technical assistance with this patch, please
>contact Microsoft Technical Support. For information on contacting
>Microsoft Technical Support, please see
>http://support.microsoft.com/support/contact/default.asp
>
>Acknowledgements
>================
>Microsoft wishes to acknowledge the issue was reported by Mnemonix
>and the contributions of Internet Security Systems, Inc.
>(http://www.iss.net) for investigating the problem with us.
>
>Revisions
>=========
> - November 20, 1998: Bulletin Created
>
>For additional security-related information about Microsoft products,
>please visit http://www.microsoft.com/security
>
>-----------------------------------------------------------------
>
>THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS"
>WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER
>EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS
>FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS
>SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
>INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN
>IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
>POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR
>LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE
>FOREGOING LIMITATION MAY NOT APPLY.
>
>
>(c) 1998 Microsoft and/or its suppliers. All rights reserved.
>For Terms of Use see http://support.microsoft.com/support/misc/cpyright.asp.
>
>   *******************************************************************
>You have received  this e-mail bulletin as a result  of your registration
>to  the   Microsoft  Product  Security  Notification   Service.  You  may
>unsubscribe from this e-mail notification  service at any time by sending
>an  e-mail  to  MICROSOFT_SECURITY-SIGNOFF-REQUEST@xxxxxxxxxxxxxxxxxxxxxx
>The subject line and message body are not used in processing the request,
>and can be anything you like.
>
>For  more  information on  the  Microsoft  Security Notification  Service
>please    visit    http://www.microsoft.com/security/bulletin.htm.    For
>security-related information  about Microsoft products, please  visit the
>Microsoft Security Advisor web site at http://www.microsoft.com/security.
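
A defender-side sketch of the pattern described in the bulletin's Issue section, added here as an example (it is not part of the bulletin and not Microsoft's code): it flags any source that opens many connections to the pipes of the two named services within a short window. The record format, pipe names, threshold, window and addresses are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Pipes for the two services the bulletin names as typical targets
# (pipe names are an assumption; the bulletin names only the services).
WATCHED_PIPES = {"\\pipe\\spoolss", "\\pipe\\lsass"}

def find_pipe_floods(lines, threshold=10, window=timedelta(seconds=30)):
    """Return {(source, pipe): peak opens seen inside one window} for bursts.

    Expects time-ordered records of the form '<ISO timestamp> <source> <pipe>'.
    """
    recent = defaultdict(deque)  # (source, pipe) -> timestamps still in window
    peaks = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # malformed record
        stamp, source, pipe = parts
        key = (source, pipe.lower())
        if key[1] not in WATCHED_PIPES:
            continue
        try:
            now = datetime.fromisoformat(stamp)
        except ValueError:
            continue  # unparseable timestamp
        seen = recent[key]
        seen.append(now)
        while now - seen[0] > window:
            seen.popleft()  # drop opens that fell out of the window
        if len(seen) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(seen))
    return peaks

# Constructed sample data (not from the bulletin).
BASE = datetime(1998, 11, 20, 17, 30, 0)
def _rec(offset, source, pipe):
    return f"{(BASE + timedelta(seconds=offset)).isoformat()} {source} {pipe}"

SAMPLE = sorted(
    [_rec(i, "10.0.0.66", "\\PIPE\\SPOOLSS") for i in range(12)]   # burst
    + [_rec(s, "10.0.0.5", "\\pipe\\lsass") for s in (0, 300, 600)]  # normal use
    + [_rec(3, "10.0.0.66", "\\pipe\\srvsvc"), "truncated-record"]
)

if __name__ == "__main__":
    for (source, pipe), peak in find_pipe_floods(SAMPLE).items():
        print(f"{source} opened {pipe} {peak} times within the window")
```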