Generator Microsoft Word 11 (filtered medium) Fellow Micronetters,
For your information.
-Mike Blasingame
What is this alert?
This alert is to notify you that Microsoft has released Security Advisory 922437 - Exploit Code Published Affecting the Server Service - on 11 August 2006.
========================================
Overview:
========================================
Microsoft is aware that detailed exploit code has been published on the Internet for the vulnerability that is addressed by Microsoft security bulletin MS06-040. Microsoft has verified the published exploit code to work on Windows 2000 and Windows XP Service Pack 1 only; this code does not affect Windows XP Service Pack 2, Windows Server 2003, or Windows Server 2003 Service Pack 1. At this time our investigation of this exploit code has verified that it does not affect customers who have installed the update detailed in MS06-040 on their computers.
While Microsoft was aware of very limited, targeted attacks that exploited the vulnerability prior to the release of the update, we are not currently aware of active attacks that use this newly posted exploit code nor are we aware of additional customer impact at this time. Microsoft is actively monitoring this situation in conjunction with our Microsoft Security Response Alliance partners and will keep customers informed and provide customer guidance as necessary.
Microsoft continues to recommend that customers apply the updates to the affected products by enabling the Automatic Updates feature in Windows or using their deployment infrastructure in their enterprise or small business.
========================================
Mitigating Factors:
========================================
. Customers who have installed the MS06-040 security update are not affected by this vulnerability.
. While installation of the update is the recommended action, customers who have applied the mitigations as identified in MS06-040 will have minimized their exposure and potential exploitability against an attack.
========================================
Answers to Common Questions:
========================================
Q: Is this a security vulnerability that requires Microsoft to issue a new security update?
A: No. Customers who have installed the MS06-040 security update are not affected by this vulnerability. No additional update is required.
Q: What causes the vulnerability?
A: An unchecked buffer in the Server service.
Q: How could an attacker exploit the vulnerability?
A: An attacker could try to exploit the vulnerability by creating a specially crafted message and sending the message to an affected system. The message could then cause the affected system to execute code.
========================================
Recommendations:
========================================
Review Security Advisory 922437 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQ) and links to additional resources.
Install MS06-040 security update to help protect against this vulnerability.
Customers who believe they have been attacked should contact their local FBI office or report their situation to www.ic3.gov. Customers outside the U.S. should contact the national law enforcement agency in their country.
Customers who believe they are affected can contact Product Support Services. Contact Product Support Services in North America for help with security update issues or viruses at no charge using the PC Safety line (1866-PCSAFETY) and international customers by using any method found at this location: http://support.microsoft.com/security.
========================================
Additional Resources:
========================================
. Security Advisory 922437 - Exploit Code Published Affecting the Server Service
http://www.microsoft.com/technet/security/advisory/922437.mspx
. Microsoft Security Bulletin MS06-040 - Vulnerability in Server Service Could Allow Remote Code Execution (921883): http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx
. MSRC Blog:
http://blogs.technet.com/msrc/
Note: check the MSRC Blog periodically as new information may appear there.
========================================
Regarding Information Consistency:
========================================
We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Security Advisories posted to the web are occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in the web-based Security Advisory, the information in the web-based Security Advisory is authoritative.
If you have any questions regarding this alert please contact your Technical Account Manager.
Thanks,
Shanti
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
Received on Fri Aug 11 14:16:05 2006
This archive was generated by hypermail 2.1.8 : Fri Aug 11 2006 - 14:16:06 PDT