The Web    Google
Microsoft Patches 'Critical' ASN.1 Vulnerability

Microsoft Patches 'Critical' ASN.1 Vulnerability
February 10, 2004
Ryan NaraineBy

Microsoft (Quote, Chart) on Tuesday issued a "critical" alert for a buffer overflow flaw in its implementation of the Abstract Syntax Notation 1 (ASN.1) data standard, warning that malicious hackers could seize complete control of unpatched machines.

The patch for the Microsoft ASN.1 Library was released with a chilling warning that a successful exploit would allow an attacker to install programs, view data, change data, delete data, or create new user accounts with full privileges.

The ASN.1 standard is used by many applications and devices in the technology industry to allow the normalization and understanding of data across various platforms.

The flaw carries a "critical" rating on Windows NT 4.0, Windows NT Server 4.0 Terminal Server Edition, Windows 2000, Windows XP and Windows Server 2003.

As part of its scheduled February patch release, Microsoft also issued fixes for two other vulnerabilities -- in the Windows Internet Naming Service (WINS) and in the Virtual PC for Mac. Both bulletins are rated "important."

The software giant urged customers using the Windows Internet Naming Service (WINS) to install the patch at the earliest opportunity. A successful exploit could lead to malicious code execution.

In the alert, Microsoft said the bug exists because of the method used by WINS to validate the length of specially-crafted packets. "On Windows Server 2003 this vulnerability could allow an attacker who sent a series of specially-crafted packets to a WINS server to cause the service to fail. Most likely, this could cause a denial of service."

A third security fix was also issued for a vulnerability in Virtual PC for Mac that could lead to privilege elevation. The flaw affects the Virtual PC for Mac version 6.0 through 6.1.

The hole exists because of the method by which the software creates a temporary file when you run Virtual PC for Mac, Microsoft explained, warning that an attacker could insert malicious code into the file which could cause the code to be run with system privileges. "This could give the attacker complete control over the system."

Microsoft also announced the re-release of security bulletin MS03-051 to provide 64-bit support. That patch was first issued last November to fix "critical" buffer overflows in Microsoft FrontPage Server Extensions.

  • New Alliance Opposes Anti-Piracy Mandates
  • House to Create Homeland Security Oversight Committee
  • Phishing Scams Increase 1,200% in 6 Months
  • 4/15: Kelvir-J an IM Worm
  • Bagle-BK Worm Downloads Code
  • 4/6: Mydoom-AJ Worm Uses Email
  • Free! Expert Help Fixing Your Top Security Problems
  • 1/12: Kobot-B Worm Uses 3 Windows Flaws
  • Visa is monitoring merchants for security compliance
  • 8/20: Rbot-GR Has Trojan Abilities
  • AT&T on DoS: Early Detection Equals Prevention
  • Security Camera Industry Information