10-02-04

nog 2 exxentiële patches voor MS

MS04-005 Vulnerability in Virtual PC for Mac could lead to privilege elevation

A security vulnerability exists in Microsoft Virtual PC for Mac. The vulnerability exists because of the method by which Virtual PC for Mac creates a temporary file when you run Virtual PC for Mac. An attacker could exploit this vulnerability by inserting malicious code into the file which could cause the code to be run with system privileges. This could give the attacker complete control over the system.  To exploit this vulnerability, an attacker would have to already have a valid logon account on the local system, or the attacker would already have to have access to a valid logon account.

http://www.microsoft.com/technet/security/Bulletin/MS04-005.asp


MS04-006 Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution

A security vulnerability exists in the Windows Internet Naming Service (WINS). This vulnerability exists because of the method that WINS users to validate the length of specially-crafted packets. On Windows Server 2003 this vulnerability could allow an attacker who sent a series of specially-crafted packets to a WINS server to cause the service to fail. Most likely, this could cause a denial of service, and the service would have to be manually restarted to restore functionality.  The possibility of a denial of service on Windows Server 2003 results from the presence of a security feature that is used in the development of Windows Server 2003. This security feature detects when an attempt is made to exploit a stack-based buffer overrun and reduces the chance that it can be easily exploited. This security feature can be forced to terminate the service to prevent malicious code execution. On Windows Server 2003, when an attempt is made to exploit the buffer overrun, the security feature reacts and terminates the service. This results in a denial of service condition of WINS. Because it is possible that methods may be found in the future to bypass this security feature, which could then enable code execution, customers should apply the update.

http://www.microsoft.com/technet/security/Bulletin/MS04-006.asp

23:57 Gepost door technology changes fast not a lot | Permalink | Commentaren (0) |  Facebook |

De commentaren zijn gesloten.